Bug 277294 - <www-apps/horde-passwd-3.1.1 XSS (CVE-2009-2360)
Summary: <www-apps/horde-passwd-3.1.1 XSS (CVE-2009-2360)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://bugs.horde.org/ticket/8398
Whiteboard: B4 [glsa]
Keywords:
Duplicates: 268110
Depends on:
Blocks:
 
Reported: 2009-07-10 08:53 UTC by Alex Legler (RETIRED)
Modified: 2009-09-12 16:33 UTC
CC List: 3 users

See Also:
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-07-10 08:53:32 UTC
CVE-2009-2360 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2360):
  Cross-site scripting (XSS) vulnerability in passwd/main.php in the
  Passwd module before 3.1.1 for Horde allows remote attackers to
  inject arbitrary web script or HTML via the backend parameter.
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-07-10 09:03:53 UTC
*** Bug 268110 has been marked as a duplicate of this bug. ***
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-24 14:59:53 UTC
+*horde-passwd-3.1.1 (24 Aug 2009)
+
+  24 Aug 2009; Alex Legler <a3li@gentoo.org> +horde-passwd-3.1.1.ebuild:
+  Non-maintainer commit: Version bump for security bug 277294.
+
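Review bot: the ChangeLog entry line "Non-maintainer commit: Version bump for security bug 277294." names the bug number but not CVE-2009-2360. Adding the CVE id to that line would let anyone searching the ChangeLog by CVE find the bump without going through the bug tracker first.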
Comment 3 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-24 15:00:10 UTC
Arches, please test and mark stable:
=www-apps/horde-passwd-3.1.1
Target keywords : "alpha amd64 hppa ppc sparc x86"
Comment 4 Steve Dibb (RETIRED) gentoo-dev 2009-08-24 16:31:48 UTC
amd64 stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2009-08-25 11:47:36 UTC
x86 stable
Comment 6 Tobias Klausmann gentoo-dev 2009-08-25 14:26:08 UTC
Stable on alpha.
Comment 7 Jeroen Roovers gentoo-dev 2009-08-25 14:45:56 UTC
Stable for HPPA.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2009-08-25 16:51:31 UTC
sparc stable
Comment 9 nixnut (RETIRED) gentoo-dev 2009-08-29 18:15:52 UTC
ppc stable
Comment 10 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-09-02 09:51:27 UTC
GLSA with bug 262978.
Comment 11 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-09-12 16:33:09 UTC
GLSA 200909-14