[pkg-horde] Latest Horde security problems
reg at evolix.fr
Wed Jun 27 00:17:36 UTC 2007
On Thu, Jun 21, 2007 at 02:29:39PM +0200, Lionel Elie Mamane wrote:
> > please note that this issue from upstream changelog is still unfixed
> > in Etch:
> > - Fixed an XSS vulnerability in the language selection.
> > Also, please work on a Sarge update.
Jan Schneider (Horde upstream) says "I'm not sure how this could
be exploited with XSS" about this patch[*]. I investigated: an
attacker could inject data into a particular PHP SESSION variable
*but* the only use of this variable is to be compared with
I'm not a guru of XSS vulnerabilities but I think there is no
need for security updates for this changelog line.
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/