Summary: | www-apps/horde-*: Cross-Site Scripting Vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jean-François Brunette (RETIRED) <formula7> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | B4 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Jean-François Brunette (RETIRED)
2005-04-25 06:48:27 UTC
*** Bug 90364 has been marked as a duplicate of this bug. *** Update to version 1.2.3. http://www.horde.org/chora/download/ Update to version 2.2.2. http://www.horde.org/forwards/download/ Update to version 2.1.2. http://www.horde.org/accounts/download/ Update to version 1.1.3. http://www.horde.org/nag/download/ Update to version 1.1.4. http://www.horde.org/mnemo/download/ Update to version 2.2.2. http://www.horde.org/vacation/download/ Secunia just released new advisories... horde-{imp|turba|passwd|} are also vulnerable Let's say horde-* vapier please advise. all versions are bumped and in portage now, keyworded and all that jazz Ready for GLSA vote apparently I vote NO We used to issue GLSAs for XSS issues in Squirrelmail, I see no reason to do otherwise with horde-*(imp) -> voting YES. http://marc.theaimsgroup.com/?l=horde-announce&r=1&b=200504&w=2 Reversing vote, after all there are plenty :) GLSA 200505-01 |