Gentoo Bug 256125 - <www-apps/horde-3.3.4 XSS (IE-only) (CVE-2008-5917)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	256125
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Stefan Behte <craig@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 256125 depends on:			Show dependency tree
Bug 256125 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2009-01-23 21:32 0000

CVE-2008-5917 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5917):
  Cross-site scripting (XSS) vulnerability in the XSS filter
  (framework/Text_Filter/Filter/xss.php) in Horde Application Framework
  3.2.2 and 3.3, when Internet Explorer is being used, allows remote
  attackers to inject arbitrary web script or HTML via unknown vectors
  related to style attributes.

------- Comment #1 From Stefan Behte 2009-03-01 18:44:51 0000 -------

Web-apps, hello?

------- Comment #2 From Alex Legler 2009-08-24 13:32:53 0000 -------

+*horde-3.3.4 (24 Aug 2009)
+
+  24 Aug 2009; Alex Legler <a3li@gentoo.org> -horde-3.3.ebuild,
+  +horde-3.3.4.ebuild:
+  Non-maintainer commit: Version bump for security bug #256125 and bug
+  #262978. Removing unneded vulnerable version.
+

------- Comment #3 From Alex Legler 2009-08-24 13:33:31 0000 -------

Arches, please test and mark stable:
=www-apps/horde-3.3.4
Target keywords : "alpha amd64 hppa ppc sparc x86"

------- Comment #4 From Steve Dibb 2009-08-24 16:10:31 0000 -------

amd64 stable

------- Comment #5 From Christian Faulhammer 2009-08-25 11:38:58 0000 -------

x86 stable

------- Comment #6 From Tobias Klausmann 2009-08-25 13:29:57 0000 -------

Stable on alpha.

------- Comment #7 From Jeroen Roovers 2009-08-25 14:45:33 0000 -------

Stable for HPPA.

------- Comment #8 From Raúl Porcel 2009-08-25 16:51:06 0000 -------

sparc stable

------- Comment #9 From nixnut 2009-08-29 17:37:59 0000 -------

ppc stable

------- Comment #10 From Alex Legler 2009-09-02 09:51:57 0000 -------

GLSA with bug 262978.

------- Comment #11 From Alex Legler 2009-09-12 16:33:02 0000 -------

GLSA 200909-14

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 256125

<www-apps/horde-3.3.4 XSS (IE-only) (CVE-2008-5917)

Last modified: 2009-09-12 16:33:02 0000