Accepted horde3 3.1.3-4etch7 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 05 Jan 2010 14:37:59 +0100
Source: horde3
Binary: horde3
Architecture: source all
Version: 3.1.3-4etch7
Distribution: oldstable-security
Urgency: high
Maintainer: Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description:
horde3 - horde web application framework
Changes:
horde3 (3.1.3-4etch7) oldstable-security; urgency=high
.
* Non-maintainer upload by the security team
* Fix several cross-site scripting vulnerabilities via crafted number
preferences or inline MIME text parts when using text/plain as MIME
type (horde ticket #8311 and #8399)
Fixes: CVE-2009-3237
* Fix cross-site scripting vulnerability via data:text/html values in
an HTML email message (horde ticket #8715)
Fixes: CVE-2009-4363
* Fix several cross-site scripting vulnerabilities via the PATH_INFO
variable due to use of the PHP_SELF variable
Fixes: CVE-2009-3701
Files:
48b9e415b5f6ab912615d4da1fdbf972 691 web optional horde3_3.1.3-4etch7.dsc
15471b64c8321f477800da4cfe3ff8e4 17280 web optional horde3_3.1.3-4etch7.diff.gz
b0788ebca983b9059a7fa05ada2de4cb 5282070 web optional horde3_3.1.3-4etch7_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktDQ4YACgkQ62zWxYk/rQfuFACgh9q40w/F43l4vVCLmdRhWQQT
twMAmQFUfCdv+sffQoTSQK4WG/BCcv8m
=NtOQ
-----END PGP SIGNATURE-----
Accepted:
horde3_3.1.3-4etch7.diff.gz
to main/h/horde3/horde3_3.1.3-4etch7.diff.gz
horde3_3.1.3-4etch7.dsc
to main/h/horde3/horde3_3.1.3-4etch7.dsc
horde3_3.1.3-4etch7_all.deb
to main/h/horde3/horde3_3.1.3-4etch7_all.deb