Bug 59336 - net-www/horde-imp-3.2.5 Contains a XSS fix
Summary: net-www/horde-imp-3.2.5 Contains a XSS fix
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/12202/
Whiteboard: B3 [ glsa ] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-03 23:02 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2011-10-30 22:40 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-03 23:02:56 UTC
A vulnerability has been discovered in Horde IMP, which can be exploited by malicious people to conduct script insertion attacks.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-03 23:06:43 UTC
Mike, please bump to latest version.

Changes in this release:
    - SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one
      reported in http://www.greymagic.com/security/advisories/gm005-mc/.
      This vulnerability only exists when using the Internet Explorer to
      access IMP and only when using the inline MIME viewer for HTML messages.
Comment 2 SpanKY gentoo-dev 2004-08-04 21:28:13 UTC
talked to stuart about horde/webapp-config and he said he should have a workaround for me soon

I've been putting off version bumping of all the horde packages; once he gets back to me I'll go through and update all of them
Comment 3 SpanKY gentoo-dev 2004-08-07 23:40:40 UTC
ebuild has been added with all the required KEYWORDS; ready for GLSA to be written / sent
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-08 11:56:29 UTC
GLSA drafted: security, please review.

PS: As you might notice I reused heavily from the last Horde-IMP GLSA and proposals for a better title are welcome.
Comment 5 Kurt Lieber (RETIRED) gentoo-dev 2004-08-10 06:14:19 UTC
glsa 200408-07