Hello, The package horde3 has a vulnerability (See CVE-2008-3330 and #492578).
I prepared fixed package for etch version (source package and debdiff): http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch4.dsc http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch3_3.1.3-4etch4.diff Information for the advisory: 8<---------------------------------- horde3 -- cross-site scripting vulnerability Date Reported: ?? Aug 2008 Affected Packages: horde3 Vulnerable: Yes Security database references: In Mitre's CVE dictionary: CVE-2008-3330 More information: It was discovered that the Horde web application framework has insufficient input sanitising in services/obrowser/index.php (CVE-2008-3330). For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch4. The unstable distribution (sid) is not affected. We recommend that you upgrade your horde3 package. 8<---------------------------------- Regards, -- Gregory Colpart <[EMAIL PROTECTED]> GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
