-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 21 Feb 2008 02:17:37 +0100
Source: turba2
Binary: turba2
Architecture: source all
Version: 2.0.2-1sarge1
Distribution: oldstable-security
Urgency: high
Maintainer: Ola Lundqvist <opal@debian.org>
Changed-By: Gregory Colpart (evolix) <reg@evolix.fr>
Description:
 turba2 - contact management component for horde framework
Closes: 464058
Changes:
 turba2 (2.0.2-1sarge1) oldstable-security; urgency=high
 .
   * Fix unchecked access to contacts in the same SQL table, if the unique key
     of another user's contact can be guessed. See CVE-2008-0807 for more
     informations. (Closes: #464058)
   * Fix privilege escalation in Horde API.
   * Close several XSS vulnerabilities with address book and contact data.
Files:
 78ef803c5a5c3c0564ddd8b23a96da4d 626 web optional turba2_2.0.2-1sarge1.dsc
 43381a9620d08ad17758fc533e865db3 1221378 web optional turba2_2.0.2.orig.tar.gz
 8ccfd8d4f1886141a916d706217d8a73 8049 web optional turba2_2.0.2-1sarge1.diff.gz
 ee4a5791cb7b942305f9095b9b3ae697 1282950 web optional turba2_2.0.2-1sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHvd+9wM/Gs81MDZ0RAqHaAKC7uu/8TNn6rBQDFeccDMhHAsjFZACggpZE
GxcN9VEj5Cuf6oRyGAjg6JE=
=Wd+H
-----END PGP SIGNATURE-----

Accepted:
turba2_2.0.2-1sarge1.diff.gz
  to pool/main/t/turba2/turba2_2.0.2-1sarge1.diff.gz
turba2_2.0.2-1sarge1.dsc
  to pool/main/t/turba2/turba2_2.0.2-1sarge1.dsc
turba2_2.0.2-1sarge1_all.deb
  to pool/main/t/turba2/turba2_2.0.2-1sarge1_all.deb