[announce] Turba H3 (2.0.5) (final)
chuck at horde.org
Sun Dec 11 11:36:52 PST 2005
The Horde Team is pleased to announce the final release of the Turba Contact
Manager version H3 (2.0.5).
This is a security release that fixes cross site scripting
vulnerabilities in several of the address book name and contact data
fields. None of the vulnerabilities can be exploited by
unauthenticated users; however, we strongly recommend that all users
of Turba 2.0.4 upgrade to 2.0.5 as soon as possible.
Many thanks to Johannes Greil of SEC Consult
(http://www.sec-consult.com/) for reporting these problems and working
with us to test the fixes.
Turba is the Horde contact management application. It is a production level
address book, and makes heavy use of the Horde framework to provide
integration with IMP and other Horde applications.
Major changes compared to the Turba version H3 (2.0.4) are:
* Close several XSS vulnerabilities with address book and contact data.
The full list of changes (from version H3 (2.0.4)) can be viewed here:
The Turba H3 (2.0.5) distribution is available from the following locations:
Patches against version H3 (2.0.4) are available at:
Or, for quicker access, download from your nearest mirror:
MD5 sums for the packages are as follows:
The Horde Team.
More information about the announce