Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 127889

Summary: www-apps/horde: Remote Code Execution in Help Viewer (CVE-2006-1491)
Product: Gentoo Security Reporter: Jule Slootbeek <jslootbeek>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://lists.horde.org/archives/announce/2006/000271.html
Whiteboard: B1 [glsa] dizzutch
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 126435    

Description Jule Slootbeek 2006-03-28 11:53:40 UTC 
http://lists.horde.org/archives/announce/2006/000271.html:
Remote code execution vulnerability discovered in the help viewer.
Help viewer is enabled by default.
--
Issue is fixed in build 3.1.1 available from www.horde.org
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-28 11:56:34 UTC 
Vapier please provide updated ebuilds, thx.
Comment 2 SpanKY gentoo-dev 2006-03-28 16:56:06 UTC 
3.1.1 in portage
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-28 17:02:59 UTC 
arches, please test and stable 3.1.1, thank you.
Comment 4 Mark Loeser (RETIRED) gentoo-dev 2006-03-28 21:33:59 UTC 
x86 done
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2006-03-29 05:14:53 UTC 
hppa & sparc stable.
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-03-29 10:57:20 UTC 
ppc stable
Comment 7 Simon Stelling (RETIRED) gentoo-dev 2006-03-30 07:54:05 UTC 
amd64 stable
Comment 8 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2006-03-31 12:48:20 UTC 
Alpha stable

Sorry about the delay on the horde security bugs but I had a really bad week and my free time was reduced to zero. :(

Please, remember that amd64 need to complete bug #126435 in order to keyword stable all horde-3 related plugins.

Thanks.
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2006-04-01 02:48:09 UTC 
amd64 should mark the whole 3.1 framework stable, meaning :
 horde-chora-2.0.1
 horde-kronolith-2.1
 horde-imp-4.1
 horde-mnemo-2.1
 horde-nag-2.1
 horde-passwd-3.0
 horde-gollem-1.0.2
 horde-ingo-1.1
 horde-turba-2.1
as detailed on bug 126435
Comment 10 Jule Slootbeek 2006-04-04 05:37:09 UTC 
AMD64 team, do you have an update on the status of this B1? The GLSA is ready, and we're waiting for you to mark this as stable.
Could you please provide an update?
Comment 11 Simon Stelling (RETIRED) gentoo-dev 2006-04-04 10:25:29 UTC 
sorry. we're done now.
Comment 12 Jule Slootbeek 2006-04-04 10:34:06 UTC 
Thanks amd64, DerCony, she's all yours.
Comment 13 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-04 12:00:15 UTC 
GLSA 200604-02

Thanks everybody!