Bug 219304 (CVE-2008-1974)

Comment 1 Matt Fleming (RETIRED) 2008-04-25 22:51:32 UTC

Should be grouped with bug #212635 and bug #213493 for glsa.

Comment 2 Matt Fleming (RETIRED) 2008-04-25 23:24:19 UTC

I'm not sure whether this has been patched upstream yet, so I'm setting the whiteboard appropriately. Based on comments from rbu@ we might not want to group this with the other bugs for a glsa because this bug is xss only.

Comment 3 Matt Fleming (RETIRED) 2008-04-27 19:08:30 UTC

This issue has been fixed in 2.1.8 of kronolith. A CVE id has been requested. Setting herd and whiteboard.

Comment 4 Robert Buchholz (RETIRED) 2008-04-27 22:04:13 UTC

cc'ing vapier as primary maintainer. Do you know whether other horde packages carry a kronolith copy?

Comment 5 Matthias Geerdsen (RETIRED) 2008-04-29 11:32:12 UTC

CVE-2008-1974

Comment 6 SpanKY 2008-05-04 10:57:46 UTC

the only packages that would bundle any horde sub-packages would be horde-webmail or horde-groupware

Comment 7 Gunnar Wrobel (RETIRED) 2008-06-24 11:22:29 UTC

horde-kronolith-2.1.8 is in the tree.

Target archs:

  alpha amd64 hppa ppc sparc x86

Comment 8 Christian Faulhammer (RETIRED) 2008-06-24 21:51:24 UTC

x86 stable

Comment 9 Raúl Porcel (RETIRED) 2008-06-26 11:09:49 UTC

alpha/sparc stable

Comment 10 Tobias Scherbaum (RETIRED) 2008-06-26 20:37:59 UTC

ppc stable

Comment 11 Jeroen Roovers (RETIRED) 2008-06-28 15:27:38 UTC

Stable for HPPA.

Comment 12 Markus Meier 2008-07-06 19:22:12 UTC

amd64 stable, sorry for the delay.

Comment 13 Robert Buchholz (RETIRED) 2008-07-30 00:38:53 UTC

GLSA vote: NO

Comment 14 Pierre-Yves Rofes (RETIRED) 2008-07-31 08:45:36 UTC

NO too, closing.