From the Secunia advisory at http://secunia.com/advisories/42355/: Certain unspecified input is not properly sanitised before being displayed to the user while viewing a vCard. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious vCard is being viewed. Upstream has posted new versions of all three packages. www-apps/horde: http://lists.horde.org/archives/announce/2010/000574.html www-apps/horde-groupware: http://lists.horde.org/archives/announce/2010/000575.html www-apps/horde-webmail: http://lists.horde.org/archives/announce/2010/000576.html
Arches, please test and mark stable: =www-apps/horde-3.3.11 Target keywords : "alpha amd64 hppa ppc sparc x86"
horde-groupware and -webmail are masked due to the open issues and lack of maintainers.
Stable for HPPA.
x86 stable
alpha/sparc stable
Stable for PPC.
Created attachment 257536 [details] build log
Comment on attachment 257536 [details] build log That's a log from webapp-config and has nothing to do with horde. I suggest you file a new bug for that.
amd64 done
Thanks, folks. Closing noglsa for WebApp XSS.