[horde] [SECURITY] Horde Groupware Webmail Edition 1.1.3 (final)

Markus Braun charmed21muc at hotmail.com
Wed Sep 10 14:25:27 UTC 2008


Hi,
 
is there als an update from 1.1.1 to 1.1.3?
thx
 
marcus> From: jan at horde.org> To: announce at lists.horde.org; horde at lists.horde.org> Date: Wed, 10 Sep 2008 15:08:36 +0200> Subject: [horde] [SECURITY] Horde Groupware Webmail Edition 1.1.3 (final)> > The Horde Team is pleased to announce the final release of the Horde Groupware> Webmail Edition version 1.1.3.> > This is a security release that fixes unescaped output in the MIME library> (CVE-2008-3823), and further improves the XSS filter for HTML messages> (CVE-2008-3824). The unescaped output vulnerability can be triggered by> sending specially crafted e-mail messages to users of Horde Groupware Webmail> Edition. All users are encouraged to upgrade to this version.> > Many thanks to Alexios Fakos for detecting these vulnerabilities, and oCERT> for notifying us.> > Horde Groupware Webmail Edition is a free, enterprise ready, browser based> communication suite. Users can read, send and organize email messages with> three different webmail interfaces and manage and share calendars, contacts,> tasks and notes with the standards compliant components from the Horde> Project.> > The major changes compared to the Horde Groupware Webmail Edition > version 1.1.2> are:> * Fixed unescaped output in the MIME library.> * Further improved the XSS filter for HTML.> > The full list of changes (from version 1.1.2) can be viewed here:> > http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.24&r2=1.25&ty=h> > The Horde Groupware Webmail Edition 1.1.3 distribution is available > from the following locations:> > ftp://ftp.horde.org/pub/horde-webmail/horde-webmail-1.1.3.tar.gz> http://ftp.horde.org/pub/horde-webmail/horde-webmail-1.1.3.tar.gz> > Patches against version 1.1.2 are available at:> > > ftp://ftp.horde.org/pub/horde-webmail/patches/patch-horde-webmail-1.1.2-1.1.3.gz> > http://ftp.horde.org/pub/horde-webmail/patches/patch-horde-webmail-1.1.2-1.1.3.gz> > Or, for quicker access, download from your nearest mirror:> > http://www.horde.org/mirrors.php> > MD5 sums for the packages are as follows:> > a7c812ae4f5e3ebe7cf86cca30981c71 horde-webmail-1.1.3.tar.gz> 5406aa41feb16b0e759ff1ba658be9b1 patch-horde-webmail-1.1.2-1.1.3.gz> > Have fun!> > The Horde Team.> --> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde> Frequently Asked Questions: http://horde.org/faq/> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
_________________________________________________________________
Hotmail to go! Hol' Dir Hotmail aufs Handy!
http://windowslivemobile.msn.com/BrowserServiceHotmail.aspx?lang=de-de


More information about the horde mailing list