Bug#415117: [pkg-horde] Bug#415117: imp4: XSS vulnerability in search
screen and thread view
Ola Lundqvist
opal at debian.org
Fri Mar 16 18:24:12 CET 2007
Hi
Interesting! Will you create a fix for this?
Regards,
// Ola
On Fri, Mar 16, 2007 at 08:33:26AM +0100, Lionel Elie Mamane wrote:
> Package: imp4
> Version: 4.0.2-1
> Severity: grave
> Tags: security
> Justification: security hole when package used
>
> Upstream changelog of new version says:
>
> This (..) fixes two cross site scripting vulnerabilities.
>
> Major changes compared to the IMP H3 (4.1.4-RC1) version are:
> * Fixed XSS vulnerabilities in the search screen and thread view.
>
> Sarge may or may not be vulnerable, I haven't checked yet.x
>
>
> _______________________________________________
> pkg-horde-hackers mailing list
> pkg-horde-hackers at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-horde-hackers
>
--
--------------------- Ola Lundqvist ---------------------------
/ opal at debian.org Annebergsslingan 37 \
| ola at opalsys.net 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://opalsys.net/ UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
More information about the pkg-horde-hackers
mailing list