A vulnerability has been discovered in Horde IMP, which can be exploited by malicious people to conduct script insertion attacks.
Mike please bump to latest version. Changes in this release: - SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one reported in http://www.greymagic.com/security/advisories/gm005-mc/. This vulnerability only exists when using the Internet Explorer to access IMP and only when using the inline MIME viewer for HTML messages.
talked to stuart about horde/webapp-config and he said he should have a workaround for me soon ive been putting off version bumping of all the horde packages; once he gets back to me i'll go through and update all of them
ebuild has been added with all the required KEYWORDS; ready for GLSA to be written / sent
GLSA drafted : security please review. PS: As you might notice I reused heavily from the last Horde-IMP GLSA and proposals for a better title are welcome.
glsa 200408-07