Bug#464058: [horde-vendor] Bug#464058: turba access checking issue

2008-02-21 Thread Steve Kemp
On Thu Feb 21, 2008 at 02:41:41 +0100, Gregory Colpart wrote: The package turba2 has vulnerabilities (See CVE-2008-0807, bug #464058 and changelogs of fixed sarge/etch packages). A shining example of how to handle security updates. Thanks very very much for the fixed packages, and the clear

Bug#464058: [horde-vendor] Bug#464058: turba access checking issue

2008-02-20 Thread Gregory Colpart
Hello, The package turba2 has vulnerabilities (See CVE-2008-0807, bug #464058 and changelogs of fixed sarge/etch packages). I prepared fixed packages: - Sarge version (source package and debdiff): http://gcolpart.evolix.net/debian/turba2/turba2_2.0.2-1sarge1.dsc

Bug#464058: [horde-vendor] Bug#464058: turba access checking issue

2008-02-18 Thread Gregory Colpart
Hi Chuck, On Fri, Feb 15, 2008 at 12:42:56AM -0500, Chuck Hagenbuch wrote: Finally, these should be the patches for the upcoming Turba 2.1.7 and Turba 2.2-RC3 releases. I plan to roll them tomorrow (Friday) morning, U.S. Eastern time. I'm also attaching a patch for HEAD for anyone who

Bug#464058: [horde-vendor] Bug#464058: turba access checking issue

2008-02-18 Thread Chuck Hagenbuch
Quoting Gregory Colpart [EMAIL PROTECTED]: Thanks a lot for your final patches. Turba 2.1.7 is already in Debian unstable distribution. But for Debian stable and oldstable, I can't upload version 2.1.7: I need to backport security changes. Could you review my backported patches? - Patch for Turba

Bug#464058: [horde-vendor] Bug#464058: turba access checking issue

2008-02-18 Thread Gregory Colpart
Hi, On Mon, Feb 18, 2008 at 06:26:38PM -0500, Chuck Hagenbuch wrote: The 2.1.4 patch seems to have a bunch of extra stuff in it - I would just do the changes to Group.php, sql.php, and browse.php. If you're also including different fixes those would have to be reviewed separately -

Bug#464058: [horde-vendor] Bug#464058: turba access checking issue

2008-02-18 Thread Chuck Hagenbuch
Quoting Gregory Colpart [EMAIL PROTECTED]: I apologize because this patch includes *two* security patches: - [jan] SECURITY: Fix privilege escalation in Horde API = from 2.1.6 - [cjh] SECURITY: Fix unchecked access to contacts in the same SQL table (Bug #6208). = from 2.1.7 (patch spoken in

Bug#464058: [horde-vendor] Bug#464058: turba access checking issue

2008-02-14 Thread Chuck Hagenbuch
Quoting Chuck Hagenbuch [EMAIL PROTECTED]: I agree it would be nice, but that's more in the realm of an enhancement than a security fix. We'll consider it for Turba 2.2, but I'd like to get 2.1.7 out with the fixes now. Finally, these should be the patches for the upcoming Turba 2.1.7 and