[pkg-horde] Latest Horde security problems

Lionel Elie Mamane lmamane at debian.org
Thu Jun 21 12:29:39 UTC 2007

On Mon, Mar 26, 2007 at 05:04:56PM +0200, Moritz Muehlenhoff wrote:

> please note that this issue from upstream changelog is still unfixed
> in Etch:
> - Fixed an XSS vulnerability in the language selection.

> Also, please work on a Sarge update.

I still had this on my TODO list, but I'm now stepping down from
active role in Horde maintenance in Debian, and as my failure to
address this in months shows, should have much earlier. Another's
person problem now, sorry.

> The security team doesn't have the means to test such a web
> application framework.

OTOH, I never had the means to test an XSS vulnerability.


More information about the pkg-horde-hackers mailing list