Package: imp4 Severity: important Tags: security, patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for imp4.
CVE-2008-4182[0]: | Cross-site scripting (XSS) vulnerability in imp/test.php in Horde | Turba Contact Manager H3 2.2.1, and possibly other Horde Project | products, allows remote attackers to inject arbitrary web script or | HTML via the User field in an IMAP session. The upstream patch for this issue can be found here[1]. Please address this issue together with the turba2 XSS for lenny via migration from unstable If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4182 http://security-tracker.debian.net/tracker/CVE-2008-4182 [1] http://cvs.horde.org/diff.php/imp/test.php?r1=1.70&r2=1.71 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
