Summary: | <www-apps/horde-{imp-4.3.8, dimp-1.1.5} DNS prefetching Information Disclosure (CVE-2010-0463) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | martin.holzer, web-apps |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://bugs.horde.org/ticket/8836 | | |
Whiteboard: | B4 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2010-03-04 11:50:30 UTC
From http://bugs.horde.org/ticket/8836#c14

Fixed in IMP 4.3.8 and DIMP 1.1.5 (MIMP does not need this fix because MIMP 1.x does not generate links in message content).

Please provide an updated ebuild!

not yet released...

IMP 4.3.8 and DIMP 1.1.5 were released:
http://lists.horde.org/archives/announce/2010/000558.html
http://lists.horde.org/archives/announce/2010/000561.html

Ebuilds will be added shortly.

Arches, please test and mark stable:
=www-apps/horde-dimp-1.1.5
Target keywords : "amd64 x86"
=www-apps/horde-imp-4.3.8
Target keywords : "alpha amd64 hppa ppc sparc x86"

Horde IMP 4.3.8 looks to also fix an XSS as described in:
http://seclists.org/fulldisclosure/2010/Sep/373
The fix is at:
http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11
I do not see a CVE for this.

I tested the following things together on x86 with apache (dev-lang/php-5.2.14) and my dovecot imap server. I've seen no problems at all! :-)
www-apps/horde-3.3.9 Bug #336319
www-apps/horde-imp-4.3.8 Bug #307759
www-apps/horde-dimp-1.1.5 Bug #307759
www-apps/horde-gollem-1.1.2 Bug #339168

Stable on alpha.

amd64 done

x86 stable, thanks Andreas

ppc done

sparc stable

Stable for HPPA.

GLSA Vote: No.

it seems you can close this bug

GLSA vote: no. Closing noglsa.