Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=5ec2cdd7ba09c38235302198cf0040ac68ca21bb

commit 5ec2cdd7ba09c38235302198cf0040ac68ca21bb
Author: voroskoi <[EMAIL PROTECTED]>
Date:   Mon Jan 21 21:18:06 2008 +0100

FSA358-horde-webmail

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 885d16c..308e884 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -27,6 +27,19 @@

<fsas>
<fsa>
+               <id>358</id>
+               <date>2008-01-21</date>
+               <author>voroskoi</author>
+               <package>horde-webmail</package>
+               <vulnerable>1.0.1-3</vulnerable>
+               <unaffected>1.0.1-4sayshell1</unaffected>
+               <bts>http://bugs.frugalware.org/task/2693</bts>
+               
<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6018</cve>
+               <desc>Secunia Research has discovered a vulnerability in IMP 
Webmail Client and Horde Groupware Webmail Edition, which can be exploited by 
malicious people to bypass certain security restrictions and manipulate data.
+                       The HTML filter does not filter out frame and frameset 
HTML elements. Additionally, the application allows users to perform certain 
actions via HTTP requests without performing any validity checks to verify the 
request. This can be exploited to (a) delete an arbitrary number of e-mail 
messages by referencing their numeric IDs and (b) purge deleted mails, when the 
victim opens a malicious HTML mail.
+                                       Successful exploitation requires that 
the victim opens the HTML part of a malicious message.</desc>
+       </fsa>
+       <fsa>
<id>357</id>
<date>2008-01-21</date>
<author>voroskoi</author>
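Review bot: The three paragraphs inside the new `<desc>` start at different indentation depths (the second deeper than the first, the third deeper still), and since `<desc>` holds text rather than child elements, that leading whitespace and the embedded line breaks are part of the advisory text itself. Whether the site's transform collapses whitespace is not visible from this hunk, so the rendered advisory may or may not show the ragged indentation. Starting every continuation paragraph at one fixed indent, or flush left, would make the output independent of how the consumer treats whitespace. The new `<fsa>` entry is opened by the context line above the additions and closed inside the hunk, so the whole entry is visible here.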