[board] Fwd: [ppelanne at hostgator.com: Horde Webmail file inclusion proof of concept & patch.]

[Chuck Hagenbuch]

Quoting Kevin Konowalec <webadmin at ualberta.ca>:

> So I'm wondering if we shouldn't have a formalized procedure/practice
> for getting things like this out to the masses?  Seems like it would
> be the prudent thing to do...

We do: http://wiki.horde.org/SecurityManagement

These people didn't coordinate with us, their vulnerability is at  
least partially bogus, and the fix is wrong.

-chuck