[bug #32013] Improper escaping of certain HTML sequences (XSS)

2010-12-30 Thread Earl Hood
URL: Summary: Improper escaping of certain HTML sequences (XSS) Project: MHonArc Submitted by: ehood Submitted on: Thu 30 Dec 2010 02:04:54 PM CST Category: MIME Filter

[bug #26577] Changed semantic for unpack breaks UTF-8

2010-12-30 Thread Earl Hood
Update of bug #26577 (project mhonarc): Status: None => In Progress ___ Reply to this item at: ___

[bug #32013] CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)

2010-12-30 Thread Earl Hood
Update of bug #32013 (project mhonarc): Summary: Improper escaping of certain HTML sequences (XSS) => CVE-2010-4524: Improper escaping of certain HTML sequences (XSS) ___ Reply to this item at:

[bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting

2010-12-30 Thread Earl Hood
URL: Summary: CVE-2010-1677: DoS when processing html messages with deep tag nesting Project: MHonArc Submitted by: ehood Submitted on: Thu 30 Dec 2010 02:45:51 PM CST Category: MI

[bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting

2010-12-30 Thread Earl Hood
Update of bug #32014 (project mhonarc): Status: In Progress => Ready For Test ___ Follow-up Comment #1: mhtxthtml.pl filter modified to reject any message with nested tags. This is invalid HTML, so

[bug #32013] CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)

2010-12-30 Thread Earl Hood
Update of bug #32013 (project mhonarc): Status: Confirmed => Ready For Test ___ Follow-up Comment #1: mhtxthtml.pl filter modified to reject any message with nested tags. This is invalid HTML, so

Fix for CVE-2010-4524 and CVE-2010-1677 ready for verification

2010-12-30 Thread Earl Hood
I've committed in a potential fix, and made a snapshot build that should address the following recent security issues: CVE-2010-4524, CVE-2010-1677. Snapshot release is available at the following location: http://www.mhonarc.org/release/MHonArc/dist/ Any build dated 2010-12-30, or later, wi