[board] Fwd: [ppelanne at hostgator.com: Horde Webmail file inclusion proof of concept & patch.]
Kevin Konowalec
webadmin at ualberta.ca
Fri Mar 7 16:38:15 UTC 2008
Oh okay... had our security guy jumping on me this morning over this
so I had to verify it was in fact legit. Would any serious
vulnerability/patch be widely announced on the list?
Thanks Chuck,
K
On Mar 7, 2008, at 9:32 AM, Chuck Hagenbuch wrote:
> Quoting Kevin Konowalec <webadmin at ualberta.ca>:
>
>> So I'm wondering if we shouldn't have a formalized procedure/practice
>> for getting things like this out to the masses? Seems like it would
>> be the prudent thing to do...
>
> We do: http://wiki.horde.org/SecurityManagement
>
> These people didn't coordinate with us, their vulnerability is at
> least partially bogus, and the fix is wrong.
>
> -chuck
> __
> board mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: board-unsubscribe at lists.horde.org
>
Kevin Konowalec
Web Systems Administrator
Academic Information and Communications Technologies (AICT)
University of Alberta
Phone: (780) 492-3168
Fax: (780) 492-1729
kevin.konowalec at ualberta.ca
This communication is intended for the use of the recipient to which
it is
addressed, and may contain confidential, personal, and/or privileged
information. Please contact us immediately if you are not the intended
recipient of this communication. If you are not the intended
recipient of
this communication, do not copy, distribute, or take action on it. Any
communication received in error, or subsequent reply, should be
deleted or
destroyed.
More information about the board
mailing list