Summary: | net-www/horde-imp-3.2.5 Contains a XSS fix | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://secunia.com/advisories/12202/ | ||
Whiteboard: | B3 [ glsa ] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2004-08-03 23:02:56 UTC
Mike please bump to latest version. Changes in this release: - SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one reported in http://www.greymagic.com/security/advisories/gm005-mc/. This vulnerability only exists when using the Internet Explorer to access IMP and only when using the inline MIME viewer for HTML messages. talked to stuart about horde/webapp-config and he said he should have a workaround for me soon ive been putting off version bumping of all the horde packages; once he gets back to me i'll go through and update all of them ebuild has been added with all the required KEYWORDS; ready for GLSA to be written / sent GLSA drafted : security please review. PS: As you might notice I reused heavily from the last Horde-IMP GLSA and proposals for a better title are welcome. glsa 200408-07 |