[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Backports-security-announce] Security Update for egroupware

Jan Wagner uploaded new packages for egroupware which fixed the
following security problems:


  Multiple directory traversal vulnerabilities in FCKeditor before allow remote attackers to create executable files in arbitrary
  directories via directory traversal sequences in the input to
  unspecified connector modules, as exploited in the wild for remote
  code execution in July 2009, related to the file browser and the
  editor/filemanager/connectors/ directory.

For the lenny-backports distribution the problems have been fixed in
version 1.6.002+dfsg-1~bpo50+1.

For the sid distributions the problems have been fixed in version

Upgrade instructions

If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t lenny-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend to pin the backports repository to 200 so that new versions
of installed  backports will be installed automatically:

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200

Attachment: signature.asc
Description: Digital signature

Reply to: