horde3 (3.1.3-4etch5) oldstable-security; urgency=high
* Backport a patch from Horde upstream to fix an IE-only hole in XSS filter
(See CVE-2008-5917 for more information). (Closes: #512592)
* Backport a patch from Horde upstream to fix a file inclusion issue in
Horde_Image driver name (Image/Image.php). (Closes: #513265)
* Fix small XSS/unescaped output vulnerability in services/obrowser/index.php
(see CVE-2008-3330 for more informations). (Closes: #492578)
-- Gregory Colpart <[email protected]> Thu, 29 Jan 2009 03:17:37 +0100
** Changed in: horde3 (Debian)
Importance: Unknown => Undecided
** Changed in: horde3 (Debian)
Status: Fix Committed => New
** Changed in: horde3 (Debian)
Remote watch: Debian Bug tracker #492578 => None
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3330
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5917
** Changed in: horde3 (Debian)
Status: New => Fix Released
--
Horde3 CVE-2008-3330 XSS
https://bugs.launchpad.net/bugs/252475
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
