Summary: | www-apps/horde-kronolith < 2.1.8 addevent.php cross-site scripting attack (CVE-2008-1974) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matt Fleming (RETIRED) <mjf> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | thijs, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/29920/ | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Matt Fleming (RETIRED)
2008-04-25 22:42:55 UTC
Should be grouped with bug #212635 and bug #213493 for glsa. I'm not sure whether this has been patched upstream yet, so I'm setting the whiteboard appropriately.

Based on comments from rbu@ we might not want to group this with the other bugs for a glsa because this bug is xss only.

This issue has been fixed in 2.1.8 of kronolith. A CVE id has been requested.

Setting herd and whiteboard. cc'ing vapier as primary maintainer. Do you know whether other horde packages carry a kronolith copy?

CVE-2008-1974

The only packages that would bundle any horde sub-packages would be horde-webmail or horde-groupware.

horde-kronolith-2.1.8 is in the tree.

Target archs: alpha amd64 hppa ppc sparc x86

x86 stable

alpha/sparc stable

ppc stable

Stable for HPPA.

amd64 stable, sorry for the delay.

GLSA vote: NO

NO too, closing.