Moritz Mühlenhoff <[email protected]> writes:

> On Thu, Jan 30, 2014 at 12:00:10PM -0500, Micah Anderson wrote:
>> Package: horde3
>> Version: 3.3.8+debian0-2
>> Severity: serious
>> Tags: security
>> Justification: security issue
>>
>> Hello,
>>
>> As detailed on the debian security tracker[0] and reported on oss-sec[1] and
>> assigned CVE 2014-1691, there is a remote code execution bug in horde
>> affecting all versions from at least horde 3.1.x to 5.1.1.
>>
>> That includes squeeze... I've got a patch that applies to the horde3 package
>> in squeeze that resolves this issue, please find it attached[2]... I've
>> built and tested these packages on Squeeze in an active environment. I am
>> not certain where this particular code is used, so I wasn't sure if I was
>> able to test exactly that code path.
>>
>> If you would like, I can provide a package for squeeze for a DSA.
>
> 2.
> https://gist.github.com/pietro/8712454/raw/b03bc5ecb7ec1f1f778b867ecd6d9d142d0ddaf7/gistfile1.diff
>
> Yes, please upload a fixed oldstable package with the patch

Done.

