-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 21 Feb 2008 02:17:51 +0100 Source: turba2 Binary: turba2 Architecture: source all Version: 2.1.3-1etch1 Distribution: stable-security Urgency: high Maintainer: Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org> Changed-By: Gregory Colpart (evolix) <reg@evolix.fr> Description: turba2 - contact management component for horde framework Closes: 464058 Changes: turba2 (2.1.3-1etch1) stable-security; urgency=high . * Fix unchecked access to contacts in the same SQL table, if the unique key of another user's contact can be guessed. See CVE-2008-0807 for more informations. (Closes: #464058) * Fix privilege escalation in the Horde API. Files: 0aa309ef908c6ab95b62fa6fbb97d7c5 722 web optional turba2_2.1.3-1etch1.dsc a0407717f3f64fb33f6a57e2244a12b4 1790717 web optional turba2_2.1.3.orig.tar.gz fcef7709711274ebf26b99e3032f4e7e 7434 web optional turba2_2.1.3-1etch1.diff.gz 0fb704f257a5d583196e10de104289f0 1860044 web optional turba2_2.1.3-1etch1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHveA2wM/Gs81MDZ0RAix7AKCzys545lPRKunQOBRxfpwhexu57gCgo2JA zzSijNzt4cddZ5aEeOzhFv4= =8IVv -----END PGP SIGNATURE----- Accepted: turba2_2.1.3-1etch1.diff.gz to pool/main/t/turba2/turba2_2.1.3-1etch1.diff.gz turba2_2.1.3-1etch1.dsc to pool/main/t/turba2/turba2_2.1.3-1etch1.dsc turba2_2.1.3-1etch1_all.deb to pool/main/t/turba2/turba2_2.1.3-1etch1_all.deb