[horde] [SECURITY] Horde Groupware Webmail Edition 1.1.3 (final)

Markus Braun charmed21muc at hotmail.com
Wed Sep 10 21:22:37 UTC 2008 

Hi

also i versions 1.1.2 i get an error in the startup screen when i logged in:



Warning:  Invalid argument supplied for foreach() in /kunden/XXXX/webseiten/webmail/ingo/lib/Block/overview.php on line 50

thx

marcus


> From: jan at horde.org
> To: announce at lists.horde.org; horde at lists.horde.org
> Date: Wed, 10 Sep 2008 15:08:36 +0200
> Subject: [horde] [SECURITY] Horde Groupware Webmail Edition 1.1.3 (final)
> 
> The Horde Team is pleased to announce the final release of the Horde Groupware
> Webmail Edition version 1.1.3.
> 
> This is a security release that fixes unescaped output in the MIME library
> (CVE-2008-3823), and further improves the XSS filter for HTML messages
> (CVE-2008-3824). The unescaped output vulnerability can be triggered by
> sending specially crafted e-mail messages to users of Horde Groupware Webmail
> Edition. All users are encouraged to upgrade to this version.
> 
> Many thanks to Alexios Fakos for detecting these vulnerabilities, and oCERT
> for notifying us.
> 
> Horde Groupware Webmail Edition is a free, enterprise ready, browser based
> communication suite. Users can read, send and organize email messages with
> three different webmail interfaces and manage and share calendars, contacts,
> tasks and notes with the standards compliant components from the Horde
> Project.
> 
> The major changes compared to the Horde Groupware Webmail Edition  
> version 1.1.2
> are:
>      * Fixed unescaped output in the MIME library.
>      * Further improved the XSS filter for HTML.
> 
> The full list of changes (from version 1.1.2) can be viewed here:
> 
> http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.24&r2=1.25&ty=h
> 
> The Horde Groupware Webmail Edition 1.1.3 distribution is available  
> from the following locations:
> 
>      ftp://ftp.horde.org/pub/horde-webmail/horde-webmail-1.1.3.tar.gz
>      http://ftp.horde.org/pub/horde-webmail/horde-webmail-1.1.3.tar.gz
> 
> Patches against version 1.1.2 are available at:
> 
>       
> ftp://ftp.horde.org/pub/horde-webmail/patches/patch-horde-webmail-1.1.2-1.1.3.gz
>       
> http://ftp.horde.org/pub/horde-webmail/patches/patch-horde-webmail-1.1.2-1.1.3.gz
> 
> Or, for quicker access, download from your nearest mirror:
> 
>      http://www.horde.org/mirrors.php
> 
> MD5 sums for the packages are as follows:
> 
>      a7c812ae4f5e3ebe7cf86cca30981c71  horde-webmail-1.1.3.tar.gz
>      5406aa41feb16b0e759ff1ba658be9b1  patch-horde-webmail-1.1.2-1.1.3.gz
> 
> Have fun!
> 
> The Horde Team.
> --
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org

_________________________________________________________________
Neu: Office Live Workspace, der kostenlose Online-Arbeitsbereich für Office. Ideal auch für Teams. Jetzt ausprobieren!
http://workspace.officelive.com/?lc=1031&cloc=de-DE

More information about the horde mailing list