[pkg-horde] Bug#512592: CVE-2008-5917: Cross-site scripting (XSS) vulnerability in the XSS filter

Raphael Geissert atomo64 at gmail.com
Thu Jan 22 01:18:24 UTC 2009


Package: horde3
Version: 3.2.2+debian0-1
Severity: important
Tags: security patch

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for 
horde3.

CVE-2008-5917[1]:
> Cross-site scripting (XSS) vulnerability in the XSS filter
> (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2
> and 3.3, when Internet Explorer is being used, allows remote attackers to
> inject arbitrary web script or HTML via unknown vectors related to style
> attributes.

The changes made by upstream to fix this bug are available at [2].

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917
     http://security-tracker.debian.net/tracker/CVE-2008-5917
[2] http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net