|Summary:||Security: upgrade www/horde and mail/imp to prevent potential CSS|
|Product:||Ports & Packages||Reporter:||Thierry Thomas <thierry>|
|Component:||Individual Port(s)||Assignee:||freebsd-ports (Nobody) <ports>|
|Severity:||Affects Only Me||CC:||security-officer|
Description Thierry Thomas 2002-04-06 21:30:01 UTC
Hereunder is the official announce from "Brent J. Nordquist" <firstname.lastname@example.org> on the Horde's announce list and on bugtraq: The Horde team announces the availability of IMP 2.2.8, which prevents some potential cross-site scripting (CSS) attacks. Site administrators should consider upgrading to IMP 3 (our first recommendation), but if this is not possible, IMP 2.2.8 should be used to prevent these potential attacks. Fix: Pre-requisites: please commit PR ports/35740. Then apply the following patches: 1) Patch against www/horde 2) Patch against mail/imp How-To-Repeat: N/A.
Comment 1 sada 2002-05-16 08:27:15 UTC
State Changed From-To: open->closed Committed, thanks!