A vulnerability has been discovered in Horde IMP, which can be exploited by malicious people to conduct script insertion attacks.
Mike please bump to latest version.
Changes in this release:
- SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one
reported in http://www.greymagic.com/security/advisories/gm005-mc/.
This vulnerability only exists when using the Internet Explorer to
access IMP and only when using the inline MIME viewer for HTML messages.
talked to stuart about horde/webapp-config and he said he should have a workaround for me soon
ive been putting off version bumping of all the horde packages; once he gets back to me i'll go through and update all of them
ebuild has been added with all the required KEYWORDS; ready for GLSA to be written / sent
GLSA drafted : security please review.
PS: As you might notice I reused heavily from the last Horde-IMP GLSA and proposals for a better title are welcome.