36820 – Security: upgrade www/horde and mail/imp to prevent potential CSS

Bug 36820 - Security: upgrade www/horde and mail/imp to prevent potential CSS

Summary: Security: upgrade www/horde and mail/imp to prevent potential CSS

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-ports (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2002-04-06 21:30 UTC by Thierry Thomas
Modified:	2002-05-16 08:27 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
file.diff (679 bytes, patch) 2002-04-06 21:30 UTC, Thierry Thomas	no flags	Details \| Diff
file.diff (668 bytes, patch) 2002-04-06 21:30 UTC, Thierry Thomas	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Thomas 2002-04-06 21:30:01 UTC

	Hereunder is the official announce from "Brent J. Nordquist" <bjn@horde.org>
	on the Horde's announce list and on bugtraq:

The Horde team announces the availability of IMP 2.2.8, which prevents
some potential cross-site scripting (CSS) attacks.  Site administrators
should consider upgrading to IMP 3 (our first recommendation), but if this
is not possible, IMP 2.2.8 should be used to prevent these potential
attacks.

Fix: Pre-requisites: please commit PR ports/35740.

	Then apply the following patches:

1) Patch against www/horde

2) Patch against mail/imp
How-To-Repeat: 	N/A.

Comment 1 sada freebsd_committer

2002-05-16 08:27:15 UTC

State Changed
From-To: open->closed

Committed, thanks!