[pkg-horde] Bug#500553: CVE-2008-4182: XSS in imp4
Steffen Joeris
steffen.joeris at skolelinux.de
Mon Sep 29 10:00:13 UTC 2008
Package: imp4
Severity: important
Tags: security, patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for imp4.
CVE-2008-4182[0]:
| Cross-site scripting (XSS) vulnerability in imp/test.php in Horde
| Turba Contact Manager H3 2.2.1, and possibly other Horde Project
| products, allows remote attackers to inject arbitrary web script or
| HTML via the User field in an IMAP session.
The upstream patch for this issue can be found here[1]. Please address
this issue together with the turba2 XSS for lenny via migration from
unstable.
If you fix the vulnerability, please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4182
http://security-tracker.debian.net/tracker/CVE-2008-4182
[1] http://cvs.horde.org/diff.php/imp/test.php?r1=1.70&r2=1.71