[pkg-horde] Bug#492578: horde3: Small XSS/unescaped output in services/obrowser/index.php

Gregory Colpart reg at evolix.fr
Sun Jul 27 15:48:50 UTC 2008


Hi,

On Sun, Jul 27, 2008 at 05:38:20PM +0200, Nico Golde wrote:
> > > I can't see an old CVE id describing this problem, is a new CVE
> > > id needed for this one?
> > 
> > There is no CVE id for it. I'm not sure Debian needs a new CVE id
> > because upstream said only Horde 3.2 and Turba 2.2 are affected
> > (this versions are *not* in Debian).
> 
> But they were in the archive and other vendors might still have them in 
> their archive. I also added 2.2.1-1 as the fixed version in 
> the security tracker and requested a CVE id.

No, these versions were never in the archive.
But yes, other vendors could be affected.


> P.S. Please mention such fixes as security fixes in the 
> changelog next time so we can get them easier on our 
> radars.

Even if the version affected was not in Debian?


Regards,
-- 
Gregory Colpart <reg at evolix.fr>  GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/





More information about the pkg-horde-hackers mailing list