Bug 36820

Summary: Security: upgrade www/horde and mail/imp to prevent potential CSS
Product: Ports & Packages Reporter: Thierry Thomas <thierry>
Component: Individual Port(s)Assignee: freebsd-ports (Nobody) <ports>
Status: Closed FIXED    
Severity: Affects Only Me CC: security-officer
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff
none
file.diff none

Description Thierry Thomas 2002-04-06 21:30:01 UTC
	Hereunder is the official announce from "Brent J. Nordquist" <bjn@horde.org>
	on the Horde's announce list and on bugtraq:

The Horde team announces the availability of IMP 2.2.8, which prevents
some potential cross-site scripting (CSS) attacks.  Site administrators
should consider upgrading to IMP 3 (our first recommendation), but if this
is not possible, IMP 2.2.8 should be used to prevent these potential
attacks.

Fix: Pre-requisites: please commit PR ports/35740.

	Then apply the following patches:

1) Patch against www/horde

2) Patch against mail/imp
How-To-Repeat: 	N/A.
Comment 1 sada freebsd_committer 2002-05-16 08:27:15 UTC
State Changed
From-To: open->closed

Committed, thanks!