Change log for horde3 package in Ubuntu

1 → 30 of 30 results
Deleted in trusty-release (Reason: (From Debian) ROM; Obsolete; Debian bug #683554)
Obsolete in saucy-release
Obsolete in raring-release
Obsolete in quantal-release
horde3 (3.3.12+debian0-2.2) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Fix XSS in email validation
  * Rename SessionHandler to work with php5.4 (Closes: #675526).

 -- Luk Claes <email address hidden>  Sat, 23 Jun 2012 12:22:31 +0200
Superseded in quantal-release
horde3 (3.3.12+debian0-2.1) unstable; urgency=low


  * Non-maintainer upload.
  * Fixed Call-time pass-by-reference (Closes: #658866).

 -- Thomas Goirand <email address hidden>  Mon, 30 Apr 2012 04:53:30 +0000
Superseded in quantal-release
Published in precise-release
horde3 (3.3.12+debian0-2) unstable; urgency=emergency


  * Remove backdoor in emergency (upstream server is compromised).
    CVE-2012-0209

 -- Gregory Colpart <email address hidden>  Thu, 09 Feb 2012 00:41:34 +0100
Superseded in precise-release
horde3 (3.3.12+debian0-1) unstable; urgency=low


  * New upstream release (Closes: #636592)
    - Fix 'return value of new by reference is deprecated', at least in
      lib/Horde/Kolab/Server/Object.php (Closes: #630142, #601186)
    - pgsql create script fixed (Closes: #508571)
    - Fix dirty flag handling when saving prefs to files (Closes: #538027)
    - Fix preferences management regression (Closes: #634962)
    - Fix SQL error during cache cleanup (Closes: #566610)
    - Fix undefined index: token_lifetime (Closes: #629006)
  * Housekeeping (thanks to lintian):
    - spelling error in README.Debian (writeable -> writable)
    - Update to standards version 3.9.2, no change required
    - Don't use asterisks in NEWS.Debian
    - Use versioned LGPL-2.1 in copyright
    - Add minimal build-indep and build-arch targets to d/rules
  * Switch to dpkg-source 3.0 (quilt) format
  * Remove conflict on horde and old turba2 (very old packages)

 -- Mathieu Parent <email address hidden>  Sat, 07 Jan 2012 12:23:19 +0100
Superseded in precise-release
Obsolete in oneiric-release
Obsolete in natty-release
horde3 (3.3.8+debian0-2) unstable; urgency=medium

  * Backport security patches from 3.3.9 and 3.3.10 to fix CVE-2010-3077
    and CVE-2010-3694 (Closes: #598582)
  * Backport upstream fix from 3.3.10 for SyncML bug: page sometimes deleting
    more anchors than selected.
  * Fix annoying bug in temp-cleanup.cron (Closes: #597603)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  09 Nov 2010 09:45:08 +0000
Superseded in natty-release
Obsolete in maverick-release
horde3 (3.3.8+debian0-1) unstable; urgency=low

  [ Mathieu Parent ]
  * Add misc:Depends to pear-horde-channel 

  [ Gregory Colpart ]
  * New upstream release. 
  * Update to standards version 3.8.4, no further required changes.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  10 May 2010 07:43:22 +0100

Obsolete in jaunty-updates
Obsolete in jaunty-security
horde3 (3.2.2+debian0-2+lenny2build0.9.04.1) jaunty-security; urgency=low

  * fake sync from Debian

Superseded in maverick-release
Obsolete in lucid-release
horde3 (3.3.6+debian0-2) unstable; urgency=low

  * Correct debian/links
  * Updated check for upstream JS libs 
  * Add call to dh_link (Closes: #562138 imp4: Javascript problems after
    upgrade)

Superseded in lucid-release
horde3 (3.3.5+debian0-1) unstable; urgency=high

  [ Gregory Colpart ]
  * New upstream release.
  * This version is mainly for fixing security bugs, in particular a
    vulnerability in image form fields that allows overwriting of arbitrary
    local files. See CVE-2009-3236 for more information. (Closes: #547318)
  * Adjust branch names in debian/rules for refresh-patches.
  * Add patch-stamp in COPY_EXCLUDE (oops).
  * Add php-mdb2* packages in Recommends (Closes: #528927).
  * Update to standards version 3.8.3, no further required changes.

  [ Mathieu Parent ]
  * Install /etc/horde/horde3/registry.d directory

 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  05 Nov 2009 06:01:24 +0000

Superseded in jaunty-updates
Superseded in jaunty-security
horde3 (3.2.2+debian0-2+lenny1build0.9.04.1) jaunty-security; urgency=low

  * fake sync from Debian

 -- Jamie Strandboge <email address hidden>   Tue, 06 Oct 2009 10:06:35 -0500
Superseded in lucid-release
Obsolete in karmic-release
horde3 (3.3.4+debian0-1) unstable; urgency=low

  * New upstream release. 
  * Change Vcs-Browser field (migrate a --bare git repository on alioth). 
  * Update to standards version 3.8.1, no further required changes.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Sat,  02 May 2009 11:47:17 +0100

Superseded in karmic-release
horde3 (3.3.3+debian0-1) unstable; urgency=low

  * New upstream release. (Closes: #513015)
  * This new version has a lot of fixes and improvements, and includes some
    changes backported previously.
  * Add "Git patches" stuff in debian/rules.
  * Add horde PEAR channel within pear-horde-channel package. (Closes: #514007)
  * Add Mathieu Parent in Uploaders: field.
  * We use now Git, upgrade Vcs-* in debian/control.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  29 Apr 2009 00:14:43 +0100

Superseded in karmic-release
Obsolete in jaunty-release
horde3 (3.2.2+debian0-2) unstable; urgency=high

  * Add information in README.Debian about test.php files: these files should
    not be "allow from all", because test.php includes private information and
    could be unsafe (for example see CVE-2008-4182).
  * Include a patch from Horde upstream to fix an IE-only hole in XSS filter
    (See CVE-2008-5917 for more information). (Closes: #512592)
  * Include patches from Horde upstream to fix a file inclusion issue in
    Horde_Image driver name (Image/Image.php) and an unescaped output in
    the tag cloud block (services/portal/cloud_search.php). (Closes: #513265)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  09 Feb 2009 08:56:29 +0000
Superseded in jaunty-release
horde3 (3.2.2+debian0-1) unstable; urgency=high

  * New upstream release.
  * This version is mainly for fixing two security bugs: unescaped output in
    the MIME library and improve the XSS filter for HTML (See CVE-2008-3823 for
    more information). (Closes: #499579)
  * Add changelog entry with CVE ID in changelog for 3.2.1+debian0-1.
  * Fix misspelling in Recommends: field. (Closes: #499001)
  * Improve upgrade path Etch->Lenny with forcing to show diff of
    /etc/horde/horde3/registry.php because all horde components are now
    inactive by default. (Closes: #493885)
  * Change Gregory Colpart's email address in debian/control file.

Superseded in jaunty-release
Obsolete in intrepid-release
horde3 (3.2.1+debian0-1) unstable; urgency=low

  * New upstream release.
  * This new version has major changes compared to the previous version: an
    alarm system that can send email, generate inline notifications, and play
    sounds for events in any Horde application; support for read and write
    databases; operation when the database is down; many performance
    improvements, several slick new themes; WCAG 1.0 Priority 2/Section 508
    accessibility guidelines compliance; full Kolab webclient support; many
    improvements in the JavaScript and user interface; a new tree view for
    Help along with keyword search; support for memcache clustering; and many,
    many bug fixes and small enhancements.
  * With this new version: removal of backported patch for correcting invalid
    entities in es_ES (#461400) and manual merge for
    config/mime_drivers.php.dist and config.conf.xml for keeping Debian
    specific patches.
  * Thanks to Mathieu Parent <email address hidden> for his help/patches for
    this package.
  * Repack upstream source to remove fckeditor, tinymce and scriptaculous
    (size of upstream source is now 7 Mo instead of 8 Mo).
  * Added a check in debian/rules to make sure that those external libs are not
    in the orig.tar.gz
  * A lot of improvements in debian/copyright file.
  * Some adjustments in debian/rules: remove exec rights for xml/png/gif/css/
    js/jpg/html/htm files, no more need to remove empty directories and copy
    CREDITS file.
  * Link some *.js files with libjs-scriptaculous package.
  * Link editors (tinymce and fckeditor) with tinymce2 and fckeditor packages.
  * Add unrtf and libwpd-tools in "Suggests" field. 
  * Add patch to keep PAM authentication compatible with the previous
    version (and with php5-auth-pam package). Add php5-auth-pam to Suggests:
    field.
  * Update to standards version 3.8.0, no further required changes.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  19 Jun 2008 13:23:20 +0100

Obsolete in gutsy-updates
Obsolete in gutsy-security
horde3 (3.1.4-1ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #203456)
   + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
     and Groupware Webmail Edition before 1.0.6, when running with certain
     configurations, allows remote authenticated users to read and execute arbitrary
     files via ".." sequences and a null byte in the theme name.
     Fix directory traversal vulnerability in Registry.php which allows
     an attacker to read and execute arbitrary local files via crafted
     path sequences.

  * References
   + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
   + http://www.debian.org/security/2008/dsa-1519

 -- Emanuele Gentili <email address hidden>   Thu, 27 Mar 2008 14:03:40 +0100
Obsolete in feisty-updates
Obsolete in feisty-security
horde3 (3.1.3-4ubuntu0.1) feisty-security; urgency=low

  * SECURITY UPDATE: (LP: #203456)
   + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
     and Groupware Webmail Edition before 1.0.6, when running with certain
     configurations, allows remote authenticated users to read and execute arbitrary
     files via ".." sequences and a null byte in the theme name.
     Fix directory traversal vulnerability in Registry.php which allows
     an attacker to read and execute arbitrary local files via crafted
     path sequences.

  * References
   + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
   + http://www.debian.org/security/2008/dsa-1519

 -- Emanuele Gentili <email address hidden>   Thu, 27 Mar 2008 14:57:51 +0100
Obsolete in edgy-updates
Obsolete in edgy-security
horde3 (3.1.3-1ubuntu0.1) edgy-security; urgency=low

  * SECURITY UPDATE: (LP: #203456)
   + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
     and Groupware Webmail Edition before 1.0.6, when running with certain
     configurations, allows remote authenticated users to read and execute arbitrary
     files via ".." sequences and a null byte in the theme name.
     Fix directory traversal vulnerability in Registry.php which allows
     an attacker to read and execute arbitrary local files via crafted
     path sequences.

  * References
   + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
   + http://www.debian.org/security/2008/dsa-1519

 -- Emanuele Gentili <email address hidden>   Thu, 27 Mar 2008 15:58:32 +0100
Obsolete in dapper-updates
Obsolete in dapper-security
horde3 (3.1.1-1ubuntu0.1) dapper-security; urgency=low

  * SECURITY UPDATE: (LP: #203456)
   + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
     and Groupware Webmail Edition before 1.0.6, when running with certain
     configurations, allows remote authenticated users to read and execute arbitrary
     files via ".." sequences and a null byte in the theme name.
     Fix directory traversal vulnerability in Registry.php which allows
     an attacker to read and execute arbitrary local files via crafted
     path sequences.

  * References
   + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
   + http://www.debian.org/security/2008/dsa-1519

 -- Emanuele Gentili <email address hidden>   Thu, 27 Mar 2008 16:05:35 +0100
Superseded in intrepid-release
Obsolete in hardy-release
horde3 (3.1.7-1) unstable; urgency=high

  * New upstream release.
  * This new version has a security fix: fix arbitrary file inclusion through
    abuse of the theme preference (see CVE-2008-1284 for more information).
    (Closes: #470640)
  * Fix typo in debian/rules comments.
  * Add php-net-imap package in "Suggests" field. (Closes: #470283)
  * Add libgeoip1 package in "Suggests" field. (Closes: #376935)

 -- William Grant <email address hidden>   Sat, 15 Mar 2008 14:00:34 +0100
Superseded in hardy-release
horde3 (3.1.6-1) unstable; urgency=high

  * New upstream release.
  * This new version has security fixes: privilege escalation in the Horde
    API and XSS vulnerabilities (see CVE-2007-6018 for more information).
    (Closes: #461131)
  * This new version fixes also translation error in it_IT locale
    (Closes: #459555)
  * Import fix from Horde CVS to correct invalid entities in es_ES
    translation (thanks to Adrian Santos Marrero <email address hidden>)
    (Closes: #461400)
  * Update to standards version 3.7.3, no further required changes.
  * Use now Vcs-* fields in debian/control.
  * Remove empty directories which causes lintian warnings.
  * Bump debhelper compat level to 5.
  * Add Homepage field. 

Superseded in hardy-release
Obsolete in gutsy-release
horde3 (3.1.4-1) unstable; urgency=high

  * New upstream release.
  * Transition to PHP5 for Recommends and Suggests fields. (Closes: #432237)
  * Remove old phpapi-* from Depends: (Closes: #420644)
  * Clean Depends, Recommends and Suggests fields.
  * Remove exec right for XML files in debian/rules.
  * Add locales in Recommends.
  * Disable upstream _detect_webroot() function (unusable in Debian).
  * Fix XSS vulnerability. See CVE-2007-1473 for more information.
    (Closes: #434045)

 -- Michael Bienia <email address hidden>   Tue,  24 Jul 2007 10:15:43 +0100
Superseded in gutsy-release
horde3 (3.1.3-5) unstable; urgency=low

  * Changed webroot from /horde to /horde3, especially regarding cookie
    handling, closes: #391493.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  22 May 2007 08:22:51 +0100
Superseded in gutsy-release
Obsolete in feisty-release
horde3 (3.1.3-4) unstable; urgency=high

  * Correction for arbitrary file deletion vulnerability,
    closes: #415116. Thanks to Paul TBBle Hampson <email address hidden>
    for providing the patch.

Superseded in feisty-release
horde3 (3.1.3-2) unstable; urgency=low

  * Changed the default cookie path from /horde to horde3, closes:
    #391493. Thanks to Gregory Colpart <email address hidden> for committing
    this change and to Lorenzo Bettini <email address hidden> for
    suggesting it.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  07 Nov 2006 01:58:27 +0000
Superseded in feisty-release
Obsolete in edgy-release
horde3 (3.1.3-1) unstable; urgency=low

  * New upstream version, closes: #383416. This is a bugfix release to
    correct CVE-2006-4256.
  * Now suggests gettext, closes: #385457.

Superseded in edgy-release
horde3 (3.1.1-3) unstable; urgency=high

  * The SuSE maintainer found several XSS issues in Horde. See
    CVE-2006-2195 for more information. Thanks to Moritz Muehlenhoff
    <email address hidden> for providing the patch.

Superseded in edgy-release
Obsolete in dapper-release
horde3 (3.1.1-1) unstable; urgency=high

  [ Lionel Elie Mamane <email address hidden> ]
  * New upstream version
    - Close remote arbitrary command execution hole (closes: #360023)
  * Really exclude {arch} directory from being installed in binary
    package.

Superseded in dapper-release
Superseded in dapper-release
horde3 (3.0.9-2) unstable; urgency=high


  * Correct fix for weatherdotcom.

 -- Ola Lundqvist <email address hidden>  Fri, 16 Dec 2005 20:50:01 +0100
Obsolete in breezy-release
horde3 (3.0.4-4) unstable; urgency=low


  * Added conflict on horde so removing horde does not cause configuration
    removal in horde3, closes: #307623.

 -- Ola Lundqvist <email address hidden>  Wed,  4 May 2005 23:08:08 +0200