Bug 256125 (CVE-2008-5917)

Summary: <www-apps/horde-3.3.4 XSS (IE-only) (CVE-2008-5917)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: gentoo, web-apps, wrobel
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5917
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-23 21:32:54 UTC
CVE-2008-5917 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5917):
  Cross-site scripting (XSS) vulnerability in the XSS filter
  (framework/Text_Filter/Filter/xss.php) in Horde Application Framework
  3.2.2 and 3.3, when Internet Explorer is being used, allows remote
  attackers to inject arbitrary web script or HTML via unknown vectors
  related to style attributes.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-01 18:44:51 UTC
Web-apps, hello?
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-24 13:32:53 UTC
+*horde-3.3.4 (24 Aug 2009)
+
+  24 Aug 2009; Alex Legler <a3li@gentoo.org> -horde-3.3.ebuild,
+  +horde-3.3.4.ebuild:
+  Non-maintainer commit: Version bump for security bug #256125 and bug
+  #262978. Removing unneded vulnerable version.
+
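Review bot: the ChangeLog text on the last added line misspells "unneeded" as "unneded". The entry also identifies the security fixes only by bug number (#256125 and #262978); naming the CVE the bump addresses would let someone reading the ChangeLog alone see what 3.3.4 fixes without opening the tracker.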
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-24 13:33:31 UTC
Arches, please test and mark stable:
=www-apps/horde-3.3.4
Target keywords : "alpha amd64 hppa ppc sparc x86"
Comment 4 Steve Dibb (RETIRED) gentoo-dev 2009-08-24 16:10:31 UTC
amd64 stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2009-08-25 11:38:58 UTC
x86 stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2009-08-25 13:29:57 UTC
Stable on alpha.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2009-08-25 14:45:33 UTC
Stable for HPPA.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2009-08-25 16:51:06 UTC
sparc stable
Comment 9 nixnut (RETIRED) gentoo-dev 2009-08-29 17:37:59 UTC
ppc stable
Comment 10 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-02 09:51:57 UTC
GLSA with bug 262978.
Comment 11 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-12 16:33:02 UTC
GLSA 200909-14