On Thu, Feb 01, 2001 at 06:00:59PM -0500, Dan Brown <[EMAIL PROTECTED]> wrote:
Gee thanks Dan :-(
First BIND (yet again - the sendmail for the new millenium) and now IMP.
Thanks for the heads-up.
Gordon
> ----- Forwarded message from "Brent J. Nordquist" <[EMAIL PROTECTED]> -----
> Date: Thu, 1 Feb 2001 16:18:47 -0600 (CST)
> From: "Brent J. Nordquist" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Subject: [imp] IMP 2.2.4 (SECURITY) released
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>
> The Horde team announces the availability of IMP 2.2.4 -- this version
> improves IMP's filtering of malicious HTML scripting constructs in HTML
> attachments, which can be used by an attacker to run scripting code in
> the user's browser. Administrators of IMP 2.2.x production systems are
> encouraged to upgrade to prevent this kind of attack against your
> users.
>
> This release also contains a long list of bug fixes and minor
> improvements,
> most notably the fix for attachment downloading for IE 5.5 users. For
> a
> complete list of changes in this release, please consult the
> docs/CHANGES
> files.
>
> Credits:
>
> Thanks to Nick Cleaton <[EMAIL PROTECTED]> for reporting the HTML
> scripting
> vulnerability. A specific exploit for this problem is known, but at
> his request we are not providing details at this time. Other webmail
> products are also vulnerable to a similar attack, and this will give
> their developers a little more time to implement a fix.
>
> Please notify <[EMAIL PROTECTED]> of security issues related to Horde
> and IMP.
>
> Download:
>
> This release can be downloaded from the following locations:
>
> ftp://ftp.horde.org/pub/horde/
> ftp://ftp.horde.org/pub/imp/
>
> MD5 checksums:
>
> 34c4dad1b7d4f7043e5cd8fc0e1b8eba horde-1.2.4.tar.gz
> 2c13da892a0d9bc16b328b834453908c imp-2.2.4.tar.gz
> 739355e33c23cdd8a53ff2347d7c6d99 patch-horde-1.2.3-1.2.4.gz
> f657510902217046a892f3e03ae418a6 patch-imp-2.2.3-2.2.4.gz
>
> --
> Brent J. Nordquist <[EMAIL PROTECTED]>
> Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942
>
>
> --
> IMP mailing list: http://horde.org/imp/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: [EMAIL PROTECTED]
>
>
>
> ----- End forwarded message -----
>
>
>
> --
> Dan Brown, KE6MKS, [EMAIL PROTECTED]
> "Since all the world is but a story, it were well for thee to buy the more
> enduring story rather than the story that is less enduring."
> --The Judgment of St. Collum Cille
>
> --
> This list is archived
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
Gordon Rowell [EMAIL PROTECTED]
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 564 8000 ext. 4378 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
