[Secure-testing-team] Bug#569661: CVE-2010-0463: privacy compromise via DNS prefetching in web mail
Giuseppe Iuculano
iuculano at debian.org
Sat Feb 13 09:11:05 UTC 2010
Package: imp4
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for imp4.
CVE-2010-0463[0]:
| Horde IMP 4.3.6 and earlier does not request that the web browser
| avoid DNS prefetching of domain names contained in e-mail messages,
| which makes it easier for remote attackers to determine the network
| location of the webmail user by logging DNS requests.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0463
http://security-tracker.debian.org/tracker/CVE-2010-0463
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkt2bKgACgkQNxpp46476aoQvACfR6rJHFEp7Id3/4pbGNGfP0Ou
lwQAoJI330KbB6ZXFf8ukHKUg/5LfL7K
=aOFp
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list