Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=97145cba4ac8ab380e146cf9654c7fb6422ce38a
commit 97145cba4ac8ab380e146cf9654c7fb6422ce38a Author: Miklos Vajna <[EMAIL PROTECTED]> Date: Fri Jun 6 19:06:52 2008 +0200 FSA464-horde-webmail diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 4610382..f0622f6 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,18 @@ <fsas> <fsa> + <id>464</id> + <date>2008-06-06</date> + <package>horde-webmail</package> + <vulnerable>1.0.6-1kalgan1</vulnerable> + <unaffected>1.1-1kalgan1</unaffected> + <bts>http://bugs.frugalware.org/task/3120</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6018</cve> + <desc>Secunia Research has discovered a vulnerability in IMP Webmail Client and Horde Groupware Webmail Edition, which can be exploited by malicious people to bypass certain security restrictions and manipulate data. + The HTML filter does not filter out frame and frameset HTML elements. Additionally, the application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to (a) delete an arbitrary number of e-mail messages by referencing their numeric IDs and (b) purge deleted mails, when the victim opens a malicious HTML mail. + Successful exploitation requires that the victim opens the HTML part of a malicious message.</desc> + </fsa> + <fsa> <id>463</id> <date>2008-06-06</date> <package>openssl</package> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
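Review bot: the new <desc> for FSA 464 states the trigger condition twice, once as the trailing clause of the second paragraph ("when the victim opens a malicious HTML mail") and again as the closing sentence ("Successful exploitation requires that the victim opens the HTML part of a malicious message"). Keep the more precise closing sentence and drop the trailing clause so the (a)/(b) list reads cleanly. The description also covers two separate weaknesses, the HTML filter passing frame and frameset elements and actions accepted via HTTP requests without any validity check, while the entry carries a single <cve> link (CVE-2007-6018); it would help to say in the text whether that identifier covers both. The commit message is only the title "FSA464-horde-webmail"; a short body naming the package and the fixed version from <unaffected> (1.1-1kalgan1) would make the log easier to search.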
