[Tickets #6399] Re: Unsanitized theme include vulnerability
bugs at horde.org
Fri Mar 7 23:05:51 UTC 2008
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/6399
-----------------------------------------------------------------------
Ticket | 6399
Updated By | Chuck Hagenbuch <chuck at horde.org>
Summary | Unsanitized theme include vulnerability
-Queue | Horde Framework Packages
+Queue | Horde Base
-Version | FRAMEWORK_3
+Version | HEAD
Type | Bug
-State | Unconfirmed
+State | Resolved
Priority | 3. High
Milestone |
Patch |
Owners |
-----------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2008-03-07 18:05) wrote:
This vulnerability does not exist in the FRAMEWORK_3 branch; the code in
question was removed before 3.2-RC2. It is also not clear that even in
Horde 3.1.6 and earlier it affects people who use the SQL preferences
backend. It has been reproduced with LDAP preferences. It is fixed by Horde
3.1.7, which has been released.