It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter. For the old stable distribution (sarge) this problem has been fixed in version 3.0.4-4sarge7. For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch3. For the unstable distribution (sid) this problem has been fixed in version 3.1.7-1. We recommend that you upgrade your horde3 package.
It was discovered that the Horde web application framework permits arbitrary
file inclusion by a remote attacker through the theme
preference parameter.
For the old stable distribution (sarge) this problem has been fixed in version 3.0.4-4sarge7.
For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch4.
For the unstable distribution (sid) this problem has been fixed in version 3.1.7-1.
We recommend that you upgrade your horde3 package.
MD5 checksums of the listed files are available in the original advisory.