
Bug 277294

Summary: <www-apps/horde-passwd-3.1.1 XSS (CVE-2009-2360)
Product: Gentoo Security
Reporter: Alex Legler (RETIRED) <a3li>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: gentoo, web-apps, wrobel
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://bugs.horde.org/ticket/8398
Whiteboard: B4 [glsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-10 08:53:32 UTC
CVE-2009-2360 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2360):
  Cross-site scripting (XSS) vulnerability in passwd/main.php in the
  Passwd module before 3.1.1 for Horde allows remote attackers to
  inject arbitrary web script or HTML via the backend parameter.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-10 09:03:53 UTC
*** Bug 268110 has been marked as a duplicate of this bug. ***
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-24 14:59:53 UTC
+*horde-passwd-3.1.1 (24 Aug 2009)
+
+  24 Aug 2009; Alex Legler <a3li@gentoo.org> +horde-passwd-3.1.1.ebuild:
+  Non-maintainer commit: Version bump for security bug 277294.
+
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-24 15:00:10 UTC
Arches, please test and mark stable:
=www-apps/horde-passwd-3.1.1
Target keywords : "alpha amd64 hppa ppc sparc x86"
Comment 4 Steve Dibb (RETIRED) gentoo-dev 2009-08-24 16:31:48 UTC
amd64 stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2009-08-25 11:47:36 UTC
x86 stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2009-08-25 14:26:08 UTC
Stable on alpha.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2009-08-25 14:45:56 UTC
Stable for HPPA.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2009-08-25 16:51:31 UTC
sparc stable
Comment 9 nixnut (RETIRED) gentoo-dev 2009-08-29 18:15:52 UTC
ppc stable
Comment 10 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-02 09:51:27 UTC
GLSA with bug 262978.
Comment 11 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-12 16:33:09 UTC
GLSA 200909-14