[turba2] [CVE-2008-0807] programming error in permission testing
Bug #195695 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
turba2 (Debian) |
Fix Released
|
Unknown
|
|||
turba2 (Ubuntu) |
Fix Released
|
Undecided
|
William Grant | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hardy |
Fix Released
|
Undecided
|
William Grant |
Bug Description
Binary package hint: turba2
References:
DSA-1507-1 (http://
Quoting:
"Peter Paul Elfferich discovered that turba2, a contact management component
for horde framework did not correctly check access rights before allowing
users to edit addresses. This could result in valid users being able to
alter private address records."
CVE References
Changed in turba2: | |
status: | Unknown → Fix Released |
Changed in turba2: | |
assignee: | nobody → fujitsu |
status: | New → In Progress |
Changed in turba2: | |
status: | In Progress → Triaged |
To post a comment you must log in.
Fixed when 2.1.7-1 was synced.