Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=528a2dc8d048ad68e8715918b038adbecb5a9b83

commit 528a2dc8d048ad68e8715918b038adbecb5a9b83
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Mon May 4 12:02:36 2009 +0200

FSA600-horde-webmail

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 82da46f..83fbd85 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,19 @@

<fsas>
<fsa>
+               <id>600</id>
+               <date>2009-05-04</date>
+               <author>Miklos Vajna</author>
+               <package>horde-webmail</package>
+               <vulnerable>1.2.2-1</vulnerable>
+               <unaffected>1.2.3-1anacreon1</unaffected>
+               <bts>http://bugs.frugalware.org/task/3765</bts>
+               <cve>No CVE for this issue, see 
http://lists.horde.org/archives/announce/2009/000506.html.</cve>
+               <desc>A vulnerability has been reported in Horde IMP and Horde 
Groupware Webmail Edition, which can be exploited by malicious users to conduct 
spoofing attacks.
+                       The vulnerability is caused due to the application 
caching PGP keys from local address books. This can be exploited to insert 
manipulated public PGP keys to the cache, which can result e.g. in incorrectly 
signed incoming messages being displayed as valid.
+                       Successful exploitation requires a valid user account 
and that caching and PGP support is enabled.</desc>
+       </fsa>
+       <fsa>
<id>599</id>
<date>2009-05-03</date>
<author>Miklos Vajna</author>
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to