--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-5483
2010-04-01 00:18:09
--------------------------------------------------------------------------------

Name        : horde
Product     : Fedora 11
Version     : 3.3.6
Release     : 1.fc11
URL         : http://www.horde.org/
Summary     : The common framework for all Horde applications
Description :
The Horde Framework provides a common structure and interface for Horde
applications (such as IMP, a web-based mail program). This RPM is required
for all other Horde module RPMs.

The Horde Project writes web applications in PHP and releases them under
Open Source licenses. For more information (including help with Horde and
its modules) please visit http://www.horde.org/.

READ /usr/share/doc/horde-3.3.6/README.Fedora AFTER INSTALLING FOR
INSTRUCTIONS AND SECURITY!

For additional functionality, also install horde-enhanced

--------------------------------------------------------------------------------
Update Information:

Upgrade to 3.3.6 - Fixes a lot of security bugs
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 29 2010 Nick Bebout <[email protected]> - 3.3.6-1
- Upgrade to 3.3.6
* Mon Aug 10 2009 Jason L Tibbitts III <[email protected]> - 3.3.4-2
- Fix Source0: URL.
* Tue Aug  4 2009 Nick Bebout <[email protected]> - 3.3.4-1
- Upgrade to 3.3.4
* Fri Jul 24 2009 Fedora Release Engineering <[email protected]> - 3.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #549506 - CVE-2009-3701 horde: PHP_SELF XSS vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=549506
  [ 2 ] Bug #549516 - CVE-2009-4363 horde: XSS vulnerability via data: URIs
        https://bugzilla.redhat.com/show_bug.cgi?id=549516
  [ 3 ] Bug #523401 - CVE-2009-3236 Horde: Improper validation of image form fields (local files overwrite)
        https://bugzilla.redhat.com/show_bug.cgi?id=523401
  [ 4 ] Bug #523407 - CVE-2009-3237 Horde: XSS in "number" type preferences and in MIME rendering
        https://bugzilla.redhat.com/show_bug.cgi?id=523407
  [ 5 ] Bug #490932 - CVE-2009-0931 CVE-2009-0932 horde: XSS vulnerability and directory traversal vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=490932
  [ 6 ] Bug #461886 - CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=461886
  [ 7 ] Bug #461887 - CVE-2008-3824 horde: XSS via unescaped '/' characters (oCERT-2008-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=461887
  [ 8 ] Bug #480818 - CVE-2008-5917 horde: IE-specific XSS via image style attribute
        https://bugzilla.redhat.com/show_bug.cgi?id=480818
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update horde' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.
More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
