[pkg-horde] Bug#495332: CVE-2008-3650: Multiple unspecified vulnerabilities

Steffen Joeris steffen.joeris at skolelinux.de
Sat Aug 16 10:01:56 UTC 2008


Package: horde3
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for horde3.

CVE-2008-3650[0]:
| Multiple unspecified vulnerabilities in Horde Groupware Webmail before
| Edition 1.1.1 (final) have unknown impact and attack vectors related
| to "unescaped output," possibly cross-site scripting (XSS), in the (1)
| object browser and (2) contact view.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Please see the upstream announcement[1] for further information. If the
horde code appears to be vulnerable, I believe we have to check all the
other packages including code copies as well :/

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3650
    http://security-tracker.debian.net/tracker/CVE-2008-3650
[1] http://lists.horde.org/archives/announce/2008/000420.html




