Your message dated Thu, 22 Jan 2009 09:10:45 +0100
with message-id <[email protected]>
and subject line [SA33521]
has caused the Debian Bug report #512609,
regarding [SA33521] Horde Products Cross-Site Scripting Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
512609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512609
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: horde3
Severity: important
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for Horde Products:
SA33521[1]
> DESCRIPTION:
> A vulnerability has been reported in various Horde products, which
> can potentially be exploited to conduct cross-site scripting
> attacks.
>
> Unspecified input is not properly sanitised before being returned to
> the user. This can be exploited to execute arbitrary HTML and script
> code in a user's browser session in the context of an affected site.
>
> Successful exploitation requires that the victim uses Microsoft
> Internet Explorer.
>
> The vulnerability is reported in the following products and
> versions:
> * Horde Groupware Webmail Edition version 1.1.3
> * Horde Groupware Webmail Edition version 1.2
> * Horde Groupware version 1.1.3
> * Horde Groupware version 1.2
> * Horde version H3 (3.3)
> * Horde version H3 (3.2.2)
>
> SOLUTION:
> Update to the latest versions.
>
> Horde Groupware Webmail Edition:
> Update to version 1.1.4 or 1.2.1.
>
> Horde Groupware:
> Update to version 1.1.4 or 1.2.1.
>
> Horde H3:
> Update to version 3.3.1 or 3.2.3.
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> Horde:
> http://lists.horde.org/archives/announce/2008/000462.html
> http://lists.horde.org/archives/announce/2008/000464.html
> http://lists.horde.org/archives/announce/2008/000466.html
> http://lists.horde.org/archives/announce/2008/000467.html
> http://lists.horde.org/archives/announce/2008/000471.html
> http://lists.horde.org/archives/announce/2008/000472.html
If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.
[1] http://secunia.com/advisories/33521/
Cheers,
Giuseppe.
--- End Message ---
--- Begin Message ---
Sorry, Raphael already reported it in #512592.
Cheers,
Giuseppe.
--- End Message ---