Schlagwort-Archive: horde3

Allgemein

DSA-1642 horde3 – cross site scripting

Schreibe einen Kommentar

Will Drewry discovered that Horde allows remote attackers to send
an email with a crafted MIME attachment filename attribute to perform
cross site scripting.


Den aktuellen Originalartikel dazu lesen auf DSA-1642 horde3 – cross site scripting

….
More information:

  • Will Drewry discovered that Horde allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross site scripting.
  • For the stable distribution (etch), this problem has been fixed in version 3.1.3-4etch4.
  • For the testing distribution (lenny), this problem has been fixed in version 3.2.1+debian0-2+lenny1.
  • For the unstable distribution (sid), this problem will be fixed soon.
  • We recommend that you upgrade your horde3 package.

….