[pkg-horde] Bug#434045: Bug#434045: security-bug informations for horde3 package
Gregory Colpart
reg at evolix.fr
Mon Sep 24 07:51:39 UTC 2007
Hello,
Here is a little "ping" to know if you intent to fix this
security issue[*] opened since july 2007.
[*] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434045
Regards,
On Sun, Jul 22, 2007 at 09:06:48AM +0200, Gregory Colpart wrote:
> Hello,
>
> The package horde3 has XSS vulnerability (See CVE-2007-1473 and bug #434045).
> Affected versions are:
> - sarge version (3.0.4-4sarge4)
> - etch version (3.1.3-4)
> - testing/unstable version (3.1.3-5)
>
>
> Upstream patch is trivial
> (http://bugs.horde.org/ticket/?id=4816):
>
> 8<----------------------------------
> - } elseif (!empty($lang)) {
> + } elseif (!empty($lang) && NLS::isValid($lang)) {
> 8<----------------------------------
>
>
> I prepared fixed packages:
>
> - sarge version
> http://gcolpart.evolix.net/debian/horde3/horde3_3.0.4-4sarge5.diff.gz
> http://gcolpart.evolix.net/debian/horde3/horde3_3.0.4-4sarge5.dsc
> http://gcolpart.evolix.net/debian/horde3/horde3_3.0.4-4sarge4_3.0.4-4sarge5.diff
>
> - etch version
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch1.diff.gz
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch1.dsc
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4_3.1.3-4etch1.diff
>
> - unstable version
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.4-1.diff.gz
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.4-1.dsc
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-5_3.1.4-1.diff
>
> Note that I'm member of pkg-horde team but I'm not DD, then
> I am waiting my sponsor upload unstable package.
>
>
> If you want to test the vulnerability, you could go to:
> http://<server>/horde3/?new_lang=%22%3E%3Cbody%20onload=%22alert%28'hello%20world'%29%3B
> (I can provide you vulnerable URL in private if you want)
>
>
> Information for the advisory:
>
> 8<----------------------------------
> horde3 -- XSS vulnerability
>
> Date Reported:
> ?? Jul 2007
> Affected Packages:
> horde3
> Vulnerable:
> Yes
> Security database references:
> In Mitre's CVE dictionary: CVE-2007-1473
> More information:
>
> It was discovered that the Horde web application framework has a cross-site
> scripting (XSS) vulnerability in framework/NLS/NLS.php, allows remote attackers
> to inject arbitrary web script or HTML via the new_lang parameter.
>
> The old stable distribution (sarge) this problem has been fixed in version 3.0.4-4sarge5.
>
> For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch1.
>
> For the unstable distribution (sid) this problem has been fixed in version 3.1.4-1.
>
> We recommend that you upgrade your horde3 package.
> 8<----------------------------------
>
>
> Regards,
> --
> Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
> Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
More information about the pkg-horde-hackers
mailing list