[Tickets #6399] Re: Unsanitized theme include vulnerability

bugs at horde.org bugs at horde.org
Fri Mar 7 23:05:51 UTC 2008


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/6399
-----------------------------------------------------------------------
 Ticket             | 6399
 Updated By         | Chuck Hagenbuch <chuck at horde.org>
 Summary            | Unsanitized theme include vulnerability
-Queue              | Horde Framework Packages
+Queue              | Horde Base
-Version            | FRAMEWORK_3
+Version            | HEAD
 Type               | Bug
-State              | Unconfirmed
+State              | Resolved
 Priority           | 3. High
 Milestone          | 
 Patch              | 
 Owners             | 
-----------------------------------------------------------------------


Chuck Hagenbuch <chuck at horde.org> (2008-03-07 18:05) wrote:

This vulnerability does not exist in the FRAMEWORK_3 branch; the code in
question was removed before 3.2-RC2. It is also not clear that even in
Horde 3.1.6 and earlier it affects people who use the SQL preferences
backend. It has been reproduced with LDAP preferences. It is fixed by Horde
3.1.7, which has been released.


