=====================================================================
CERT-Renater Information Note No. 2010/VULN483
_____________________________________________________________________

DATE                 : 23/11/2010

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Horde versions prior to 3.3.11,
                       Horde Groupware versions prior to 1.2.9,
                       Horde Groupware Webmail Edition versions prior
                       to 1.2.9.

======================================================================
http://lists.horde.org/archives/announce/2010/000574.html
http://lists.horde.org/archives/announce/2010/000575.html
http://lists.horde.org/archives/announce/2010/000576.html
______________________________________________________________________

The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.3.11.

The Horde Application Framework is a modular, general-purpose web
application framework written in PHP. It provides an extensive array of
classes that are targeted at the common problems and tasks involved in
developing modern web applications.

The major changes compared to Horde version 3.3.10 are:
    * Fixed XSS vulnerability when viewing details of a vCard.
    * Fix exporting recurrence exceptions to vCalendar 1.0.
    * Various fixes relating to synchronization.
    * Minor bug fixes and improvements.

The full list of changes (from version 3.3.10) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?rt=horde&r1=1.515.2.633&r2=1.515.2.641&ty=h

The Horde 3.3.11 distribution is available from the following locations:

    ftp://ftp.horde.org/pub/horde/horde-3.3.11.tar.gz
    http://ftp.horde.org/pub/horde/horde-3.3.11.tar.gz

Patches against version 3.3.10 are available at:

    ftp://ftp.horde.org/pub/horde/patches/patch-horde-3.3.10-3.3.11.gz
    http://ftp.horde.org/pub/horde/patches/patch-horde-3.3.10-3.3.11.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    ee6aee3ab7891913f6faf615f37748e3  horde-3.3.11.tar.gz
    70b85e4bb839db0b1f4d9d0c3d09ae7a  patch-horde-3.3.10-3.3.11.gz

Have fun!

The Horde Team.
__________________________________________________________________________

The Horde Team is pleased to announce the final release of the Horde
Groupware version 1.2.9.

Horde Groupware is a free, enterprise ready, browser based collaboration
suite. Users can manage and share calendars, contacts, tasks and notes
with the standards compliant components from the Horde Project.

The major changes compared to the Horde Groupware version 1.2.8 are:
    * Fixed XSS vulnerability when viewing details of a vCard.
    * Fix exporting recurrence exceptions to vCalendar 1.0.
    * Various fixes relating to synchronization.
    * Minor bug fixes and improvements.

The full list of changes (from version 1.2.8) can be viewed here:

http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?rt=horde&r1=1.38.2.14&r2=1.38.2.15&ty=h

The Horde Groupware 1.2.9 distribution is available from the following
locations:

    ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.9.tar.gz
    http://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.9.tar.gz

Patches against version 1.2.8 are available at:

    ftp://ftp.horde.org/pub/horde-groupware/patches/patch-horde-groupware-1.2.8-1.2.9.gz
    http://ftp.horde.org/pub/horde-groupware/patches/patch-horde-groupware-1.2.8-1.2.9.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    82761abc895b485071da6a764ebc118f  horde-groupware-1.2.9.tar.gz
    cd1f5cb1c55853bf60adef8bd037f37a  patch-horde-groupware-1.2.8-1.2.9.gz

Have fun!

The Horde Team.
____________________________________________________________________________

The Horde Team is pleased to announce the final release of the Horde
Groupware Webmail Edition version 1.2.9.

Horde Groupware Webmail Edition is a free, enterprise ready, browser based
communication suite. Users can read, send and organize email messages with
three different webmail interfaces and manage and share calendars,
contacts, tasks and notes with the standards compliant components from the
Horde Project.

The major changes compared to the Horde Groupware Webmail Edition version
1.2.8 are:
    * Fixed XSS vulnerability when viewing details of a vCard.
    * Fix exporting recurrence exceptions to vCalendar 1.0.
    * Various fixes relating to synchronization.
    * Minor bug fixes and improvements.

The full list of changes (from version 1.2.8) can be viewed here:

http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.15&r2=1.35.2.16&ty=h

The Horde Groupware Webmail Edition 1.2.9 distribution is available from
the following locations:

    ftp://ftp.horde.org/pub/horde-webmail/horde-webmail-1.2.9.tar.gz
    http://ftp.horde.org/pub/horde-webmail/horde-webmail-1.2.9.tar.gz

Patches against version 1.2.8 are available at:

    ftp://ftp.horde.org/pub/horde-webmail/patches/patch-horde-webmail-1.2.8-1.2.9.gz
    http://ftp.horde.org/pub/horde-webmail/patches/patch-horde-webmail-1.2.8-1.2.9.gz

Or, for quicker access, download from your nearest mirror:

    http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

    c9c08bc4b21a6c48de6cf772463cd9c8  horde-webmail-1.2.9.tar.gz
    0c8571389443bc573e498b9e59ce5465  patch-horde-webmail-1.2.8-1.2.9.gz

Have fun!

The Horde Team.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          |    tel : 01-53-94-20-44       +
+ 23 - 25 Rue Daviel    |    fax : 01-53-94-20-41       +
+ 75013 Paris           |    email: certsvp@renater.fr  +
=========================================================