oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: Horde Gollem <1.1.2 XSS in view.php

From: Josh Bressers <bressers () redhat com>
Date: Fri, 1 Oct 2010 16:05:12 -0400 (EDT)

----- "Alex Legler" <a3li () gentoo org> wrote:



Horde:
http://lists.horde.org/archives/announce/2010/000568.html



From that link:

    * Fixed an XSS vulnerability in util/icon_browser.php.


CVE-2010-3077. Also fixed in Horde Application Framework 3.3.9.


    * Fixed an XSS vulnerability in the Fetchmail configuration.


CVE n/a. Also fixed in Horde IMP 4.3.8
Reference:
http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11


CVE-2010-3695





    * Fixed an XSS vulnerability when showing mailbox names.


CVE n/a. Also fixed in Horde DIMP 1.1.5
Reference: http://bugs.horde.org/ticket/9240


CVE-2010-3693





    * Protected preference forms against CSRF attacks.


CVE n/a. Also fixed in Horde Application Framework 3.3.9.
Reference: http://secunia.com/advisories/39860


CVE-2010-3694


I think this is everything else. Let me know if I've missed something.

Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: