Accepted turba2 2.0.2-1sarge1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 21 Feb 2008 02:17:37 +0100
Source: turba2
Binary: turba2
Architecture: source all
Version: 2.0.2-1sarge1
Distribution: oldstable-security
Urgency: high
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Gregory Colpart (evolix) <reg@evolix.fr>
Description:
turba2 - contact management component for horde framework
Closes: 464058
Changes:
turba2 (2.0.2-1sarge1) oldstable-security; urgency=high
.
* Fix unchecked access to contacts in the same SQL table, if the unique key
of another user's contact can be guessed. See CVE-2008-0807 for more
informations. (Closes: #464058)
* Fix privilege escalation in Horde API.
* Close several XSS vulnerabilities with address book and contact data.
Files:
78ef803c5a5c3c0564ddd8b23a96da4d 626 web optional turba2_2.0.2-1sarge1.dsc
43381a9620d08ad17758fc533e865db3 1221378 web optional turba2_2.0.2.orig.tar.gz
8ccfd8d4f1886141a916d706217d8a73 8049 web optional turba2_2.0.2-1sarge1.diff.gz
ee4a5791cb7b942305f9095b9b3ae697 1282950 web optional turba2_2.0.2-1sarge1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHvd+9wM/Gs81MDZ0RAqHaAKC7uu/8TNn6rBQDFeccDMhHAsjFZACggpZE
GxcN9VEj5Cuf6oRyGAjg6JE=
=Wd+H
-----END PGP SIGNATURE-----
Accepted:
turba2_2.0.2-1sarge1.diff.gz
to pool/main/t/turba2/turba2_2.0.2-1sarge1.diff.gz
turba2_2.0.2-1sarge1.dsc
to pool/main/t/turba2/turba2_2.0.2-1sarge1.dsc
turba2_2.0.2-1sarge1_all.deb
to pool/main/t/turba2/turba2_2.0.2-1sarge1_all.deb
Reply to: