|Summary:||net-www/horde-imp-3.2.5 Contains a XSS fix|
|Product:||Gentoo Security||Reporter:||Sune Kloppenborg Jeppesen <jaervosz>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Whiteboard:||B3 [ glsa ] jaervosz|
|Package list:||Runtime testing required:||---|
Description Sune Kloppenborg Jeppesen 2004-08-03 23:02:56 UTC
A vulnerability has been discovered in Horde IMP, which can be exploited by malicious people to conduct script insertion attacks.
Comment 1 Sune Kloppenborg Jeppesen 2004-08-03 23:06:43 UTC
Mike please bump to latest version.
Changes in this release:
- SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one reported in http://www.greymagic.com/security/advisories/gm005-mc/. This vulnerability only exists when using the Internet Explorer to access IMP and only when using the inline MIME viewer for HTML messages.
Comment 2 SpanKY 2004-08-04 21:28:13 UTC
talked to stuart about horde/webapp-config and he said he should have a workaround for me soon
i've been putting off version bumping of all the horde packages; once he gets back to me i'll go through and update all of them
Comment 3 SpanKY 2004-08-07 23:40:40 UTC
ebuild has been added with all the required KEYWORDS; ready for GLSA to be written / sent
Comment 4 Sune Kloppenborg Jeppesen 2004-08-08 11:56:29 UTC
GLSA drafted: security please review.
PS: As you might notice I reused heavily from the last Horde-IMP GLSA and proposals for a better title are welcome.
Comment 5 Kurt Lieber (RETIRED) 2004-08-10 06:14:19 UTC