[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security updates for horde packages



Hi Ola,

On Wed, May 04, 2005 at 06:34:51PM +0200, Ola Lundqvist wrote:

> Two days ago (if I remember correctly) I uploaded a number
> of horde packages that had an cross site scripting vulnerability
> in them. As the packages is now frozen I want them to be forced
> in to sarge.

> The pacakges are:
> kronolith, #307170, CAN-2005-1314
> sork-accounts, #307175, CAN-2005-1318
> sork-forwards, #307175, CAN-2005-1318
> sork-vacation, #307174, CAN-2005-1318
> turba, #307179, CAN-2005-1315

> You will notice that all of these uploads are of new upstream
> version. The upstream changes is small and in some cases just
> contain this fix. All these versions are stable from a upstream
> perspective so it should be safe to push them into sarge.

All approved.

> I have also uploaded a new version of imp4 with a number of
> fixes from upstream. If you think that is acceptable it would be
> very nice if you could push that in too. But this is up to you
> to decide.

Not with that explanation.  If you have specific fixes you think are
important, please give us details about them.

Cheers,
-- 
Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature


Reply to: