Bug 36820 - Security: upgrade www/horde and mail/imp to prevent potential CSS
Summary: Security: upgrade www/horde and mail/imp to prevent potential CSS
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-ports (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-04-06 21:30 UTC by Thierry Thomas
Modified: 2002-05-16 08:27 UTC (History)
1 user (show)

See Also:


Attachments
file.diff (679 bytes, patch)
2002-04-06 21:30 UTC, Thierry Thomas
no flags Details | Diff
file.diff (668 bytes, patch)
2002-04-06 21:30 UTC, Thierry Thomas
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Thomas 2002-04-06 21:30:01 UTC
	Hereunder is the official announce from "Brent J. Nordquist" <bjn@horde.org>
	on the Horde's announce list and on bugtraq:

The Horde team announces the availability of IMP 2.2.8, which prevents
some potential cross-site scripting (CSS) attacks.  Site administrators
should consider upgrading to IMP 3 (our first recommendation), but if this
is not possible, IMP 2.2.8 should be used to prevent these potential
attacks.

Fix: Pre-requisites: please commit PR ports/35740.

	Then apply the following patches:

1) Patch against www/horde

2) Patch against mail/imp
How-To-Repeat: 	N/A.
Comment 1 sada freebsd_committer freebsd_triage 2002-05-16 08:27:15 UTC
State Changed
From-To: open->closed

Committed, thanks!