No he didn't. Someone please tell me he didn't... I guess we'll be seeing Rocco's out of office message for a while...
On Fri, 2006-04-14 at 16:46 +0200, Rocco Maiullari wrote:
> Hello!
>
> Unfortunately I cannot reply to your e-mail right away, as I am out of
> the office up to and including 21.04.2006.
> In urgent cases, please contact my colleague
>
> Timo Dahlhoff
> Tel. : 02506 / 922 - 5266
> e-mail : [EMAIL PROTECTED]
>
>
> Rocco Maiullari
> Webmaster
>
> The Phone House Telecom GmbH
> Münsterstr. 109
> 48155 Münster
>
> Phone: +49 (0) 2506 - 922 5256
> Fax: +49 (0) 2506 - 922 1292
> E-Mail: [EMAIL PROTECTED]
> http://www.phonehouse.de
>
> Lower your phone bill with TalkTalk, our new
> landline offer! More information at: www.talktalk.de
>
> >>> full-disclosure 04/14/06 16:42 >>>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1034-1                    [EMAIL PROTECTED]
> http://www.debian.org/security/                     Moritz Muehlenhoff
> April 14th, 2006                      http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package        : horde2
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CVE-2006-1260 CVE-2006-1491
>
> Several remote vulnerabilities have been discovered in the Horde web
> application framework, which may lead to the execution of arbitrary
> web script code. The Common Vulnerabilities and Exposures project
> identifies the following problems:
>
> CVE-2006-1260
>
>     Null characters in the URL parameter bypass a sanity check, which
>     allowed remote attackers to read arbitrary files, which allowed
>     information disclosure.
>
> CVE-2006-1491
>
>     User input in the help viewer was passed unsanitised to the eval()
>     function, which allowed injection of arbitrary web code.
>
>
> The old stable distribution (woody) doesn't contain horde2 packages.
>
> For the stable distribution (sarge) these problems have been fixed in
> version 2.2.8-1sarge2.
>
> The unstable distribution (sid) no longer contains horde2 packages.
>
> We recommend that you upgrade your horde2 package.
>
>
> Upgrade Instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.1 alias sarge
> - --------------------------------
>
>   Source archives:
>
>     http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2.dsc
>       Size/MD5 checksum: 575 acf3f1924f04e2faddfd06ba9b01820e
>
>     http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2.diff.gz
>       Size/MD5 checksum: 39504 fb338c016b70e69fa4b867fa116b86dc
>
>     http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8.orig.tar.gz
>       Size/MD5 checksum: 683005 89961af4e4488a908147d7b3a0dc3b44
>
>   Architecture independent components:
>
>     http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2_all.deb
>       Size/MD5 checksum: 721398 35fa1bf8bf8b4f2be1076501b984367a
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: [email protected]
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQFEP7SJXm3vHE4uyloRAsVVAJ4n9UoO57tJYCw1JePujnjy90XFvACg3DLn
> nrfwvObZjSThW+pXcD8NI38=
> =BIdm
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
