Ola Lundqvist wrote: > Is there any CVE number or similar that I can refer this to?
Please use ====================================================== Name: CVE-2005-3759 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3759 Reference: MLIST:[horde-announce] 20051122 Horde 3.0.7 (final) Reference: URL:http://lists.horde.org/archives/announce/2005/000232.html Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers. > To the security team: > Is this important enough to fix for sarge? > I have prepared a package that I can upload of you want. We should try to fix XSS at least. I'd appreciate the updated packages. Could you upload them to a debian.org host or drop me a URL from where to download? Regards, Joey -- In the beginning was the word, and the word was content-type: text/plain Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]