[horde] DFN-CERT-2014-0154

Robert Schetterer rs at sys4.de
Fri Feb 7 17:32:45 UTC 2014


Am 07.02.2014 18:18, schrieb Arjen de Korte:
> Citeren Robert Schetterer <rs at sys4.de>:
> 
>> Hi any more info about this?
>>
>>
>> https://portal.cert.dfn.de/adv/DFN-CERT-2014-0154/
>> http://www.debian.org/security/2014/dsa-2853
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737149
>>
>> ...
>> As detailed on the debian security tracker[0] and reported on oss-sec[1]
>> and assigned CVE 2014-1691, there is a remote code execution bug in
>> horde affecting all versions from at least horde 3.1.x to 5.1.1.
>> ...
>>
>> looks like debian has a fix at
>>
>> https://gist.github.com/pietro/8712454/raw/b03bc5ecb7ec1f1f778b867ecd6d9d142d0ddaf7/gistfile1.diff
>>
> 
> So what? This is old news, it was fixed upstream weeks before debian
> released updated packages.

ok , thats good news, but might interest horde3 users which arent using
deb packs, i guess most other people have allready upgraded to Horde 5.1.5

> 
> 



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


More information about the horde mailing list