[horde] Any more updates for Horde 3.0.x?
Greg Swallow - SkyNet
gregswallow at skynetonline.ca
Thu Mar 16 15:13:56 PST 2006
Chuck Hagenbuch wrote:
> > Someone brought this to my attention -
> > http://www.securityfocus.com/bid/17117/info - but I didn't see any
> mention
> > of it on this list.
>
> This is highly dependant on your PHP version as to whether or not it
> is actually exploitable. While we did make sure that no matter what
> Horde 3.1 is not exploitable, I never saw a working exploit on any of
> my machines - it depends on there being bugs in *both* parse_url and
> readfile.
Looks like the go.php from Horde 3.1 could be used in Horde 3.0, would you
agree? We aren't quite ready to make the jump to 3.1.
Greg
More information about the horde
mailing list