[pkg-horde] Bug#512592: Bug#512592: CVE-2008-5917: Cross-site scripting (XSS) vulnerability in the XSS filter
Gregory Colpart
reg at evolix.fr
Sun Jan 25 02:29:13 UTC 2009
Hello,
On Wed, Jan 21, 2009 at 07:18:24PM -0600, Raphael Geissert wrote:
>
> The following CVE (Common Vulnerabilities & Exposures) id was published for
> horde3.
>
> CVE-2008-5917[1]:
> > Cross-site scripting (XSS) vulnerability in the XSS filter
> > (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2
> > and 3.3, when Internet Explorer is being used, allows remote attackers to
> > inject arbitrary web script or HTML via unknown vectors related to style
> > attributes.
>
> The changes made by upstream to fix this bug are available at [2].
>
> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917
> http://security-tracker.debian.net/tracker/CVE-2008-5917
> [2] http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18
Note to avoid duplicate effort: I'm preparing packages/advisory.
I will request upload by debian-security next week.
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/