Your message dated Sat, 24 Mar 2007 23:32:02 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#415116: fixed in horde3 3.1.3-4 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: horde3 Version: 3.0.4-1, 3.1-1 Severity: critical Tags: security Justification: security hole on mere installation of package Changelog for new upstream release 3.1.4 says: This (...) fixes an arbitrary file deletion vulnerability exploitable by local system (not Horde) users on systems using the example cron cleanup script. Major changes compared to Horde 3.1.4-RC1 are: * Correctly quote file names in cleanup script for temporary files. Actually, sarge (3.0.4) may be vulnerable or not, I haven't checked yet. -- Lionel
--- End Message ---
--- Begin Message ---Source: horde3 Source-Version: 3.1.3-4 We believe that the bug you reported is fixed in the latest version of horde3, which is due to be installed in the Debian FTP archive: horde3_3.1.3-4.diff.gz to pool/main/h/horde3/horde3_3.1.3-4.diff.gz horde3_3.1.3-4.dsc to pool/main/h/horde3/horde3_3.1.3-4.dsc horde3_3.1.3-4_all.deb to pool/main/h/horde3/horde3_3.1.3-4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ola Lundqvist <[EMAIL PROTECTED]> (supplier of updated horde3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 24 Mar 2007 21:19:05 +0100 Source: horde3 Binary: horde3 Architecture: source all Version: 3.1.3-4 Distribution: unstable Urgency: high Maintainer: Horde Maintainers <[EMAIL PROTECTED]> Changed-By: Ola Lundqvist <[EMAIL PROTECTED]> Description: horde3 - horde web application framework Closes: 415116 Changes: horde3 (3.1.3-4) unstable; urgency=high . * Correction for arbitrary file deletion vulnerability, closes: #415116. Thanks to Paul TBBle Hampson <[EMAIL PROTECTED]> for providing the patch. Files: fe41fc9c6cb4888df2194dc24f3f2cc8 672 web optional horde3_3.1.3-4.dsc 466e1fb6a0cc53f5045e7bdeeb20b02f 10325 web optional horde3_3.1.3-4.diff.gz d36dc489db76a23ee361c156231574a9 5266232 web optional horde3_3.1.3-4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGBYg/GKGxzw/lPdkRAmiNAJ43eIt/O8x1D6QGKHUGu4UV0Xh/5ACcClS0 +6mq4/xuRhmS003gAiCZH60= =wWxm -----END PGP SIGNATURE-----
--- End Message ---
