Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 213493 (CVE-2008-1284) - www-apps/horde+horde-groupware+horde-webmail Local File Inclusion (CVE-2008-1284)
Summary: www-apps/horde+horde-groupware+horde-webmail Local File Inclusion (CVE-2008-1...
Alias: CVE-2008-1284
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2008-03-15 13:59 UTC by Robert Buchholz (RETIRED)
Modified: 2008-05-05 21:21 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-03-15 13:59:13 UTC
CVE-2008-1284 (
  Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and
  Groupware Webmail Edition before 1.0.6, when running with certain
  configurations, allows remote authenticated users to read and execute
  arbitrary files via ".." sequences and a null byte in the theme name.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-03-15 14:03:07 UTC
=www-apps/horde-groupware-1.0.5 : In tree, ~arch only.
=www-apps/horde-webmail-1.0.6   : In tree, ~arch only.
=www-apps/horde-3.1.7           : In tree, we need this stable.

vapier, is that ok with you?
Comment 2 SpanKY gentoo-dev 2008-03-15 23:55:37 UTC
it's fine
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-18 18:34:10 UTC
ppc stable, and adding arches ;)
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2008-03-18 19:19:42 UTC
Stable for HPPA.
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-03-18 19:38:58 UTC
alpha/sparc/x86 stable
Comment 6 Markus Meier gentoo-dev 2008-03-21 11:44:14 UTC
amd64 stable (last arch)
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-03-21 20:34:12 UTC
Fixed in release shapshot.
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2008-03-24 19:47:31 UTC
I vote yes together with bug 212635.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2008-03-29 20:23:10 UTC
Voting YES, too.
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-05 21:21:01 UTC
GLSA 200805-01