Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 59336

Summary: net-www/horde-imp-3.2.5 Contains a XSS fix
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen <jaervosz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://secunia.com/advisories/12202/
Whiteboard: B3 [ glsa ] jaervosz
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen gentoo-dev 2004-08-03 23:02:56 UTC
A vulnerability has been discovered in Horde IMP, which can be exploited by malicious people to conduct script insertion attacks.
Comment 1 Sune Kloppenborg Jeppesen gentoo-dev 2004-08-03 23:06:43 UTC
Mike please bump to latest version.

Changes in this release:
    - SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one
      reported in http://www.greymagic.com/security/advisories/gm005-mc/.
      This vulnerability only exists when using the Internet Explorer to
      access IMP and only when using the inline MIME viewer for HTML messages.
Comment 2 SpanKY gentoo-dev 2004-08-04 21:28:13 UTC
talked to stuart about horde/webapp-config and he said he should have a workaround for me soon

ive been putting off version bumping of all the horde packages; once he gets back to me i'll go through and update all of them
Comment 3 SpanKY gentoo-dev 2004-08-07 23:40:40 UTC
ebuild has been added with all the required KEYWORDS; ready for GLSA to be written / sent
Comment 4 Sune Kloppenborg Jeppesen gentoo-dev 2004-08-08 11:56:29 UTC
GLSA drafted : security please review.

PS: As you might notice I reused heavily from the last Horde-IMP GLSA and proposals for a better title are welcome.
Comment 5 Kurt Lieber (RETIRED) gentoo-dev 2004-08-10 06:14:19 UTC
glsa 200408-07