Bug 213493 (CVE-2008-1284) - www-apps/horde+horde-groupware+horde-webmail Local File Inclusion (CVE-2008-1284)
Summary: www-apps/horde+horde-groupware+horde-webmail Local File Inclusion (CVE-2008-1...
Status: RESOLVED FIXED
Alias: CVE-2008-1284
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/29286
Whiteboard: B3 [glsa]
Reported: 2008-03-15 13:59 UTC by Robert Buchholz (RETIRED)
Modified: 2008-05-05 21:21 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2008-03-15 13:59:13 UTC
CVE-2008-1284 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1284):
  Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and
  Groupware Webmail Edition before 1.0.6, when running with certain
  configurations, allows remote authenticated users to read and execute
  arbitrary files via ".." sequences and a null byte in the theme name.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-03-15 14:03:07 UTC
=www-apps/horde-groupware-1.0.5 : In tree, ~arch only.
=www-apps/horde-webmail-1.0.6   : In tree, ~arch only.
=www-apps/horde-3.1.7           : In tree, we need this stable.

vapier, is that ok with you?
Comment 2 SpanKY gentoo-dev 2008-03-15 23:55:37 UTC
it's fine
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-18 18:34:10 UTC
ppc stable, and adding arches ;)
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2008-03-18 19:19:42 UTC
Stable for HPPA.
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-03-18 19:38:58 UTC
alpha/sparc/x86 stable
Comment 6 Markus Meier gentoo-dev 2008-03-21 11:44:14 UTC
amd64 stable (last arch)
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-03-21 20:34:12 UTC
Fixed in release snapshot.
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2008-03-24 19:47:31 UTC
I vote yes together with bug 212635.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2008-03-29 20:23:10 UTC
Voting YES, too.
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-05 21:21:01 UTC
GLSA 200805-01