Will Drewry discovered that Horde allows remote attackers to send
an email with a crafted MIME attachment filename attribute to perform
cross site scripting.
…
Den aktuellen Originalartikel dazu lesen auf DSA-1642 horde3 – cross site scripting
….
More information:
- Will Drewry discovered that Horde allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross site scripting.
- For the stable distribution (etch), this problem has been fixed in version 3.1.3-4etch4.
- For the testing distribution (lenny), this problem has been fixed in version 3.2.1+debian0-2+lenny1.
- For the unstable distribution (sid), this problem will be fixed soon.
- We recommend that you upgrade your horde3 package.
….