[horde] Any more updates for Horde 3.0.x?
Chuck Hagenbuch
chuck at horde.org
Thu Mar 16 12:51:14 PST 2006
Quoting Greg Swallow - SkyNet <gregswallow at skynetonline.ca>:
> Just wondering if it is recommended now to move to Horde 3.1 as a security
> update from 3.0.9?
Yes, in general, as the 3.0 series is officially deprecated now.
> Someone brought this to my attention -
> http://www.securityfocus.com/bid/17117/info - but I didn't see any mention
> of it on this list.
This is highly dependant on your PHP version as to whether or not it
is actually exploitable. While we did make sure that no matter what
Horde 3.1 is not exploitable, I never saw a working exploit on any of
my machines - it depends on there being bugs in *both* parse_url and
readfile.
-chuck
--
"we are plastered to the windshield of the bus that is time." - Chris
More information about the horde
mailing list