This bug was fixed in the package horde3 - 3.1.4-1ubuntu0.1
---------------
horde3 (3.1.4-1ubuntu0.1) gutsy-security; urgency=low
* SECURITY UPDATE: (LP: #203456)
+ Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
and Groupware Webmail Edition before 1.0.6, when running with certain
configurations, allows remote authenticated users to read and execute
arbitrary
files via ".." sequences and a null byte in the theme name.
Fix directory traversal vulnerability in Registry.php which allows
an attacker to read and execute arbitrary local files via crafted
path sequences.
* References
+ http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
+ http://www.debian.org/security/2008/dsa-1519
-- Emanuele Gentili <[EMAIL PROTECTED]> Thu, 27 Mar 2008
14:03:40 +0100
** Changed in: horde3 (Ubuntu Gutsy)
Status: Fix Committed => Fix Released
** Changed in: horde3 (Ubuntu Feisty)
Status: Fix Committed => Fix Released
--
[horde3] [CVE-2008-1284] information disclosure
https://bugs.launchpad.net/bugs/203456
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
