Lionel Elie Mamane
2006-Apr-11 15:15 UTC
[Secure-testing-team] Horde3 Vulnerability: CVE-2006-1491 remote arbitrary command execution
tags 361967 +etch sarge security
thanks

On Tue, Apr 11, 2006 at 10:46:07AM -0300, Pedro M?ller wrote:

> See this:
> http://www.securityfocus.com/bid/17292/info

> Please, fix this or update to 3.0.10.

An update has been submitted to the security team; I suppose they are going to release a security advisory and put the said update on the archive on security.debian.org anytime now.

If you wish to use the update we prepared before it is approved by the security team, you can take it from http://people.debian.org/~lmamane/horde/ .

(That update is for Debian stable 3.1 sarge. Debian unstable sid is already fixed. Debian testing etch (the "beta version" of Debian 3.2) is going to get the update automatically in a few days. If you are running Debian testing etch, you can install the horde3 / imp4 / turba2 / ... packages from unstable sid. The "secure testing" team might want to consider pushing turba2 2.1-1 to etch prematurely, as it is blocking horde3 3.1.1-1 (the version that fixes this) to migrate to testing.

> This is critical!

Yes, it is.

--
Lionel
Moritz Muehlenhoff
2006-Apr-12 16:39 UTC
[Secure-testing-team] Re: Horde3 Vulnerability: CVE-2006-1491 remote arbitrary command execution
Lionel Elie Mamane wrote:
> tags 361967 +etch sarge security
> thanks
>
> On Tue, Apr 11, 2006 at 10:46:07AM -0300, Pedro M?ller wrote:
>
> > See this:
> > http://www.securityfocus.com/bid/17292/info
>
> > Please, fix this or update to 3.0.10.
>
> An update has been submitted to the security team; I suppose they are
> going to release a security advisory and put the said update on the
> archive on security.debian.org anytime now.

Umm, sorry, I was under the impression that the update was still being prepared. I'll check and upload tonight (European time).

Cheers,
Moritz