phpgroupware-developers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-developers] PHPGW - SECURITY WARNING ALL BRANCHES

From: Olivier Berger
Subject: Re: [Phpgroupware-developers] PHPGW - SECURITY WARNING ALL BRANCHES
Date: 04 Jul 2003 11:09:02 +0200 
Le jeu 03/07/2003 à 10:15, Dave Hall a écrit :
> Hi all,
> 
> Please be aware there is minor security advisory for phpgw.  See
> http://www.security-corporation.com/articles-20030702-005.html for more
> info.
> 
> There is also a vfs security patch also.  This prevents the vfs path
> being in the document root, which has been exploited in other php based
> groupware suites.
> 
> We have fixed this in cvs for all branches (14, 16preRC and HEAD).  This
> affects all previous versions of phpgroupare.  We will be releasing
> packaged releases in about 12hours.
> 

I've tried and check what is necessary to apply to correct these bugs,
and made a diff against 0.9.14.003, and there seems to be more than
juste security patches...

Is there any details ChangeLog, and specific detail of patches that may
be necessary to correct only the security issues (and maybe links to
bugs numbers, etc.) ?

For instance if applying a patch is easier than simply deploying a
complete new version, that may be more convenient for some...

Thanks in advance.

Best regards,
-- 
Olivier BERGER <address@hidden>
Ingénieur Recherche - Dept INF
INT Evry (http://www.int-evry.fr)
OpenPGP-Id: 1024D/6B829EEC
reply via email to
[Prev in Thread] Current Thread [Next in Thread]