[imp] horde php packages
Jan Schneider
jan@horde.org
Fri Nov 22 12:31:05 2002
I guess what they want to know is if the RPM packages of PHP 4.1.2 that we
provide on our FTP server are vulnerable.
And, yes, they are vulnerable as they are not patched and haven't been
updated since they have been created back in March.
Zitat von Mike Cochrane <mike@graftonhall.co.nz>:
> A simple search of the code for Horde/IMP/Turba/Kronolith.... revelase no
> mail()
> function being used. And to my knownledge this is correct.
>
> Hence no issue.
>
> - Mike :-)
>
> > ----- Message from jason@netops.firstcellular.com ---------
> >
> > With the somewhat recent vulnerability to the php mail() function I've
> seen a
> > bunch of vendors release security updates to there php packages. I
> have not
> > seen the horde project do this or has anything been said about it. I
> saw
> > this
> > previouse post concerning this subject:
> > http://marc.theaimsgroup.com/?l=imp&m=103724944628635&w=2 but nobody
> > responded.
> > If anybody knows anything concerning this vulnerability and whether or
> not
> > horde's php packages for Red Hat are vulnerable would you please
> respond to
> > this. Also is Horde or any of its components vulnerable to this
> > vulnerability
> > in php?
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
More information about the imp
mailing list