Your message dated Tue, 5 Jan 2010 12:40:22 +0100
with message-id <[email protected]>
and subject line CVE-2005-4080 is solved since some time (Bypass of input
sanitising with Internet Explorer)
has caused the Debian Bug report #342654,
regarding CVE-2005-4080: Bypass of input sanitising with Internet Explorer
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
342654: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342654
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: imp4
Severity: important
Tags: security
It has been discovered that an Internet Explorer specific interpretation
flaw can be abused to bypass the sanitising features of IMP. Please see
http://article.gmane.org/gmane.comp.security.bugtraq/20693
for more information.
In a followup on of the upstream authors indicated that they're working
on revamping their security strategy from a black list approach (filtering
out harmful content) towards a mechanism that only permits non-harmful
HTML content, as they're unwilling to fix the IE interpretation bug of the
day.
This has been assigned CVE-2005-4080, please mention it in the changelog
when fixing this.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
--- End Message ---
--- Begin Message ---
Version: 4.0.4-1
As reported on mitre, it is solved since nov 2005 ;)
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4080
Mathieu Parent
--- End Message ---