[pkg-horde] Bug#492578: horde3: Small XSS/unescaped output in services/obrowser/index.php
Gregory Colpart
reg at evolix.fr
Sun Jul 27 15:48:50 UTC 2008
Hi,
On Sun, Jul 27, 2008 at 05:38:20PM +0200, Nico Golde wrote:
> > > I can't see an old CVE id describing this problem, is a new CVE
> > > id needed for this one?
> >
> > There is no CVE id for it. I'm not sure Debian needs a new CVE id
> > because upstream said only Horde 3.2 and Turba 2.2 are affected
> > (this versions are *not* in Debian).
>
> But they were in the archive and other vendors might still have them in
> their archive. I also added 2.2.1-1 as the fixed version in
> the security tracker and requested a CVE id.
No, these versions were never in the archive.
But yes, other vendors could be affected.
> P.S. Please mention such fixes as security fixes in the
> changelog next time so we can get them easier on our
> radars.
Even if the version affected was not in Debian?
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
More information about the pkg-horde-hackers
mailing list