| Summary: | net-www/horde-imp-3.2.5 Contains a XSS fix | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| URL: | http://secunia.com/advisories/12202/ | ||
| Whiteboard: | B3 [ glsa ] jaervosz | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2004-08-03 23:02:56 UTC
Mike please bump to latest version.
Changes in this release:
- SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one
reported in http://www.greymagic.com/security/advisories/gm005-mc/.
This vulnerability only exists when using the Internet Explorer to
access IMP and only when using the inline MIME viewer for HTML messages.
talked to stuart about horde/webapp-config and he said he should have a workaround for me soon ive been putting off version bumping of all the horde packages; once he gets back to me i'll go through and update all of them ebuild has been added with all the required KEYWORDS; ready for GLSA to be written / sent GLSA drafted : security please review. PS: As you might notice I reused heavily from the last Horde-IMP GLSA and proposals for a better title are welcome. glsa 200408-07 |