[board] Fwd: [ppelanne at hostgator.com: Horde Webmail file inclusion proof of concept & patch.]
Chuck Hagenbuch
chuck at horde.org
Fri Mar 7 18:00:02 UTC 2008
Quoting Kevin Konowalec <webadmin at ualberta.ca>:
> Oh okay... had our security guy jumping on me this morning over this
> so I had to verify it was in fact legit.
It is not.
> Would any serious vulnerability/patch be widely announced on the list?
Per http://wiki.horde.org/SecurityManagement, issues will be discussed
on the vendor@ list (which is not publicly archived - this one is),
and releases will clearly state they contain security fixes and will
be announced through usual channels (the announce@ list, etc.).
-chuck
More information about the board
mailing list