Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 277294

Summary: <www-apps/horde-passwd-3.1.1 XSS (CVE-2009-2360)
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: gentoo, web-apps, wrobel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bugs.horde.org/ticket/8398
Whiteboard: B4 [glsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-07-10 08:53:32 UTC
CVE-2009-2360 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2360):
  Cross-site scripting (XSS) vulnerability in passwd/main.php in the
  Passwd module before 3.1.1 for Horde allows remote attackers to
  inject arbitrary web script or HTML via the backend parameter.
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-07-10 09:03:53 UTC
*** Bug 268110 has been marked as a duplicate of this bug. ***
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-24 14:59:53 UTC
+*horde-passwd-3.1.1 (24 Aug 2009)
+
+  24 Aug 2009; Alex Legler <a3li@gentoo.org> +horde-passwd-3.1.1.ebuild:
+  Non-maintainer commit: Version bump for security bug 277294.
+
Comment 3 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-24 15:00:10 UTC
Arches, please test and mark stable:
=www-apps/horde-passwd-3.1.1
Target keywords : "alpha amd64 hppa ppc sparc x86"
Comment 4 Steve Dibb (RETIRED) gentoo-dev 2009-08-24 16:31:48 UTC
amd64 stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2009-08-25 11:47:36 UTC
x86 stable
Comment 6 Tobias Klausmann gentoo-dev 2009-08-25 14:26:08 UTC
Stable on alpha.
Comment 7 Jeroen Roovers gentoo-dev 2009-08-25 14:45:56 UTC
Stable for HPPA.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2009-08-25 16:51:31 UTC
sparc stable
Comment 9 nixnut (RETIRED) gentoo-dev 2009-08-29 18:15:52 UTC
ppc stable
Comment 10 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-09-02 09:51:27 UTC
GLSA with bug 262978.
Comment 11 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-09-12 16:33:09 UTC
GLSA 200909-14