[pkg-horde] Bug#492578: horde3: Small XSS/unescaped output in services/obrowser/index.php
Gregory Colpart
reg at evolix.fr
Sun Jul 27 13:52:30 UTC 2008
Hi,
On Sun, Jul 27, 2008 at 03:31:37PM +0200, Nico Golde wrote:
> This seems to be already fixed in unstable.
Yes, sure! This issue is only for etch.
> Which version did fix this?
3.2.1+debian0-1 fixed it.
> I can't see an old CVE id describing this problem, is a new CVE
> id needed for this one?
There is no CVE id for it. I'm not sure Debian needs a new CVE id
because upstream said only Horde 3.2 and Turba 2.2 are affected
(this versions are *not* in Debian). Today I'm reviewing old
issues and I find Horde 3.1 could also be affected: I sent
mail to upstream to ask confirmation. I propose you to wait his
answer.
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
More information about the pkg-horde-hackers
mailing list