Bug#547318: [pkg-horde] Bug#547318: horde3: CVE-2009-3236 possibility to overwrite arbitrary files with the permissions of the webserver

On Wed, Sep 23, 2009 at 01:51:25AM +0200, Nico Golde wrote: Yes and I confirm the vulnerability for etch. For old-security, patch is pushed: http://git.debian.org/?p=pkg-horde/horde3.git;a=commitdiff;h=0a71866537d0bd896fda156ba83be746483714a4 Now, I'm waiting upstream advice before

Bug#547318: [pkg-horde] Bug#547318: horde3: CVE-2009-3236 possibility to overwrite arbitrary files with the permissions of the webserver

On Mon, Sep 21, 2009 at 12:43:51PM +0200, Nico Golde wrote: Now I'm testing package and preparing upload for sid. Are you also working on etch? That would be nice, I think this deserves a DSA. Yes and I confirm the vulnerability for etch. For old-security, patch is pushed:

Bug#547318: [pkg-horde] Bug#547318: horde3: CVE-2009-3236 possibility to overwrite arbitrary files with the permissions of the webserver

Hi, * Gregory Colpart r...@evolix.fr [2009-09-23 00:58]: On Mon, Sep 21, 2009 at 12:43:51PM +0200, Nico Golde wrote: Now I'm testing package and preparing upload for sid. Are you also working on etch? That would be nice, I think this deserves a DSA. Yes and I confirm the

Bug#547318: [pkg-horde] Bug#547318: horde3: CVE-2009-3236 possibility to overwrite arbitrary files with the permissions of the webserver

Hi, * Gregory Colpart r...@evolix.fr [2009-09-20 20:09]: Hello, On Fri, Sep 18, 2009 at 05:18:14PM +0200, Nico Golde wrote: the following CVE (Common Vulnerabilities Exposures) id was published for horde3. Work in progress. For stable-security, patches are pushed:

Bug#547318: [pkg-horde] Bug#547318: horde3: CVE-2009-3236 possibility to overwrite arbitrary files with the permissions of the webserver

Hello, On Fri, Sep 18, 2009 at 05:18:14PM +0200, Nico Golde wrote: the following CVE (Common Vulnerabilities Exposures) id was published for horde3. Work in progress. For stable-security, patches are pushed: