Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 262976 (CVE-2009-0930) - <www-apps/horde-imp-4.3.4 XSS (CVE-2009-0930)
Summary: <www-apps/horde-imp-4.3.4 XSS (CVE-2009-0930)
Status: RESOLVED FIXED
Alias: CVE-2009-0930
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://cvs.horde.org/co.php/imp/docs/...
Whiteboard: B4 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-19 00:00 UTC by Stefan Behte (RETIRED)
Modified: 2009-09-12 16:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-03-19 00:00:00 UTC
CVE-2009-0930 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0930):
  Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP
  before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web
  script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php,
  and (3) message.php.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-24 14:48:34 UTC
+*horde-imp-4.3.4 (24 Aug 2009)
+
+  24 Aug 2009; Alex Legler <a3li@gentoo.org> -horde-imp-4.2.ebuild,
+  -horde-imp-4.3.ebuild, +horde-imp-4.3.4.ebuild:
+  Non-maintainer commit: Version bump for security bug 262978. Removing
+  unneeded vulnerable versions.
+
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-24 14:48:49 UTC
Arches, please test and mark stable:
=www-apps/horde-imp-4.3.4
Target keywords : "alpha amd64 hppa ppc sparc x86"
Comment 3 Steve Dibb (RETIRED) gentoo-dev 2009-08-24 16:26:37 UTC
amd64 stable
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2009-08-25 11:43:54 UTC
x86 stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2009-08-25 14:24:06 UTC
Stable on alpha.
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2009-08-25 14:46:10 UTC
Stable for HPPA.
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2009-08-25 16:52:45 UTC
sparc stable
Comment 8 nixnut (RETIRED) gentoo-dev 2009-08-29 17:40:31 UTC
ppc stable
Comment 9 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-02 09:51:39 UTC
GLSA with bug 262978.
Comment 10 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-12 16:33:05 UTC
GLSA 200909-14