On Thu, Jan 30, 2014 at 12:00:10PM -0500, Micah Anderson wrote:
> Package: horde3
> Version: 3.3.8+debian0-2
> Severity: serious
> Tags: security
> Justification: security issue
>
> Hello,
>
> As detailed on the debian security tracker[0] and reported on oss-sec[1] and
> assigned CVE 2014-1691, there is a remote code execution bug in horde
> affecting all versions from at least horde 3.1.x to 5.1.1.
>
> That includes squeeze... I've got a patch that applies to the horde3 package
> in squeeze that resolves this issue, please find it attached[2]... I've built
> and tested these packages on Squeeze in an active environment. I am not
> certain where this particular code is used, so I wasn't sure if I was able to
> test exactly that code path.
>
> If you would like, I can provide a package for squeeze for a DSA.
2. https://gist.github.com/pietro/8712454/raw/b03bc5ecb7ec1f1f778b867ecd6d9d142d0ddaf7/gistfile1.diff

Yes, please upload a fixed oldstable package with the patch

Cheers,
Moritz

