===================================================================== CERT-Renater Note d'Information No. 2013/VULN221 _____________________________________________________________________ DATE : 31/05/2013 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S) : Systems running Horde Application Framework versions prior to 5.0.5, IMP version H5 versions prior to 6.0.5, Horde Groupware version prior to 5.0.5, Horde Groupware Webmail Edition version prior to 5.0.5. ====================================================================== http://lists.horde.org/archives/announce/2013/000901.html http://lists.horde.org/archives/announce/2013/000902.html http://lists.horde.org/archives/announce/2013/000907.html http://lists.horde.org/archives/announce/2013/000908.html ______________________________________________________________________ The Horde Team is pleased to announce the final release of the Horde Application Framework version 5.0.5. The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of production-level web applications, notably the Horde Groupware suites. For more information on Horde or the Horde Groupware suites, visit http://www.horde.org. For upgrading instructions, please see http://www.horde.org/apps/horde/docs/UPGRADING For detailed installation and configuration instructions, please see http://www.horde.org/apps/horde/docs/INSTALL The major changes compared to the Horde version 5.0.4 are: * Fixed XSS vulnerability in smartphone portal. * Improved print layout. * Fixed resetting and changing passwords. * Small bug fixes and improvements. The full list of changes can be viewed here: https://github.com/horde/horde/blob/7d68ee70be4604cd8d6823e9feeac1b76d30126a/horde/docs/CHANGES Have fun! The Horde Team. ______________________________________________________________________ The Horde Team is pleased to announce the final release of the Internet Mail Program (IMP) version H5 (6.0.5). IMP, the Internet Mail Program, is one of the most popular and widely deployed open source webmail applications in the world. It allows universal, web-based access to IMAP and POP3 mail servers and provides Ajax, mobile and basic interfaces with a rich range of features normally found only in desktop email clients. For more information on IMP, visit http://www.horde.org/apps/imp. The major changes compared to the IMP version H5 (6.0.4) are: * Fixed XSS vulnerability on smartphone message page. * Fixed renaming mailboxes in dynamic view. * Fixed verifying signed & encrypted PGP messages. * Several fixes to display of virtual folders in tree view. * Many other bugfixes and improvements. The full list of changes can be viewed here: https://github.com/horde/horde/blob/d63dd7870ecff4300b0ab520d394bfb5d6bb9d3e/imp/docs/CHANGES Have fun! The Horde Team. ______________________________________________________________________ The Horde Team is pleased to announce the final release of the Horde Groupware version 5.0.5. Horde Groupware is a free, enterprise ready, browser based collaboration suite. Users can manage and share calendars, contacts, tasks and notes with the standards compliant components from the Horde Project. For upgrading instructions, please see http://www.horde.org/apps/groupware/docs/UPGRADING For detailed installation and configuration instructions, please see http://www.horde.org/apps/groupware/docs/INSTALL The major changes compared to the Horde Groupware version 5.0.4 are: General changes: * Fixed several XSS vulnerabilities in the smartphone mode. * Improved print layout. * Fixed resetting and changing passwords. * Updated Basque and Ukrainian translations. * Small bug fixes and improvements. Calendar changes: * Fixed importing of events with unknown timezone identifiers. Tasks changes: * Only return completed tasks up to a week old as cost objects. * Fixed several bugs with recurring tasks. * Fixed several bugs with synchronizing tasks. The full list of changes can be viewed here: https://github.com/horde/horde/blob/313d9be785c4304f258bfdbcc939cf741e68fca1/bundles/groupware/docs/CHANGES Have fun! The Horde Team. ______________________________________________________________________ The Horde Team is pleased to announce the final release of the Horde Groupware Webmail Edition version 5.0.5. Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages with four different webmail interfaces and manage and share calendars, contacts, tasks and notes with the standards compliant components from the Horde Project. For upgrading instructions, please see http://www.horde.org/apps/webmail/docs/UPGRADING For detailed installation and configuration instructions, please see http://www.horde.org/apps/webmail/docs/INSTALL The major changes compared to the Horde Groupware Webmail Edition version 5.0.4 are: General changes: * Fixed several XSS vulnerabilities in the smartphone mode. * Improved print layout. * Fixed resetting and changing passwords. * Updated Basque and Ukrainian translations. * Small bug fixes and improvements. Mail changes: * Fixed renaming mailboxes in dynamic view. * Fixed verifying signed & encrypted PGP messages. * Several fixes to display of virtual folders in tree view. Calendar changes: * Fixed importing of events with unknown timezone identifiers. Tasks changes: * Only return completed tasks up to a week old as cost objects. * Fixed several bugs with recurring tasks. * Fixed several bugs with synchronizing tasks. The full list of changes can be viewed here: https://github.com/horde/horde/blob/48cc9adc75332a9a26cc82cf0e425ba217c45547/bundles/webmail/docs/CHANGES Have fun! The Horde Team. ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================