[Backports-security-announce] Security Update for egroupware

2009-08-0418:10:26

lists.debian.org

JSON

Jan Wagner uploaded new packages for egroupware which fixed the
following security problems:

CVE-2009-2265

Multiple directory traversal vulnerabilities in FCKeditor before
2.6.4.1 allow remote attackers to create executable files in arbitrary
directories via directory traversal sequences in the input to
unspecified connector modules, as exploited in the wild for remote
code execution in July 2009, related to the file browser and the
editor/filemanager/connectors/ directory.

For the lenny-backports distribution the problems have been fixed in
version 1.6.002+dfsg-1~bpo50+1.

For the sid distributions the problems have been fixed in version
1.6.002+dfsg-1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t lenny-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian999allegroupware-sitemgr< 1.6.002+dfsg-1egroupware-sitemgr_1.6.002+dfsg-1_all.deb
Debian999allegroupware-news-admin< 1.6.002+dfsg-1egroupware-news-admin_1.6.002+dfsg-1_all.deb
Debian999allegroupware-phpsysinfo< 1.6.002+dfsg-1egroupware-phpsysinfo_1.6.002+dfsg-1_all.deb
Debian999allegroupware-sambaadmin< 1.6.002+dfsg-1egroupware-sambaadmin_1.6.002+dfsg-1_all.deb
Debian999allegroupware-projectmanager< 1.6.002+dfsg-1egroupware-projectmanager_1.6.002+dfsg-1_all.deb
Debian999allegroupware-developer-tools< 1.6.002+dfsg-1egroupware-developer-tools_1.6.002+dfsg-1_all.deb
Debian999allegroupware-resources< 1.6.002+dfsg-1egroupware-resources_1.6.002+dfsg-1_all.deb
Debian999allegroupware-core< 1.6.002+dfsg-1egroupware-core_1.6.002+dfsg-1_all.deb
Debian999allegroupware-addressbook< 1.6.002+dfsg-1egroupware-addressbook_1.6.002+dfsg-1_all.deb
Debian999allegroupware-wiki< 1.6.002+dfsg-1egroupware-wiki_1.6.002+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	egroupware-sitemgr	< 1.6.002+dfsg-1	egroupware-sitemgr_1.6.002+dfsg-1_all.deb
Debian	999	all	egroupware-news-admin	< 1.6.002+dfsg-1	egroupware-news-admin_1.6.002+dfsg-1_all.deb
Debian	999	all	egroupware-phpsysinfo	< 1.6.002+dfsg-1	egroupware-phpsysinfo_1.6.002+dfsg-1_all.deb
Debian	999	all	egroupware-sambaadmin	< 1.6.002+dfsg-1	egroupware-sambaadmin_1.6.002+dfsg-1_all.deb
Debian	999	all	egroupware-projectmanager	< 1.6.002+dfsg-1	egroupware-projectmanager_1.6.002+dfsg-1_all.deb
Debian	999	all	egroupware-developer-tools	< 1.6.002+dfsg-1	egroupware-developer-tools_1.6.002+dfsg-1_all.deb
Debian	999	all	egroupware-resources	< 1.6.002+dfsg-1	egroupware-resources_1.6.002+dfsg-1_all.deb
Debian	999	all	egroupware-core	< 1.6.002+dfsg-1	egroupware-core_1.6.002+dfsg-1_all.deb
Debian	999	all	egroupware-addressbook	< 1.6.002+dfsg-1	egroupware-addressbook_1.6.002+dfsg-1_all.deb
Debian	999	all	egroupware-wiki	< 1.6.002+dfsg-1	egroupware-wiki_1.6.002+dfsg-1_all.deb