From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200408-07.xml | 64 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 metadata/glsa/glsa-200408-07.xml (limited to 'metadata/glsa/glsa-200408-07.xml') diff --git a/metadata/glsa/glsa-200408-07.xml b/metadata/glsa/glsa-200408-07.xml new file mode 100644 index 000000000000..3d17987dd512 --- /dev/null +++ b/metadata/glsa/glsa-200408-07.xml @@ -0,0 +1,64 @@ + + + + Horde-IMP: Input validation vulnerability for Internet Explorer users + + An input validation vulnerability has been discovered in Horde-IMP. This + only affects users of Internet Explorer. + + horde-imp + 2004-08-10 + 2006-05-22: 02 + 59336 + remote + + + 3.2.5 + 3.2.4 + + + +

+ Horde-IMP is the Internet Messaging Program. It is written in PHP and + provides webmail access to IMAP and POP3 accounts. +

+ + +

+ Horde-IMP fails to properly sanitize email messages that contain + malicious HTML or script code so that it is not safe for users of + Internet Explorer when using the inline MIME viewer for HTML messages. +

+ + +

+ By enticing a user to read a specially crafted e-mail, an attacker can + execute arbitrary scripts running in the context of the victim's + browser. This could lead to a compromise of the user's webmail account, + cookie theft, etc. +

+ + +

+ Do not use Internet Explorer to access Horde-IMP. +

+ + +

+ All Horde-IMP users should upgrade to the latest stable version: +

+ + # emerge sync + + # emerge -pv ">=www-apps/horde-imp-3.2.5" + # emerge ">=www-apps/horde-imp-3.2.5" + + + Horde-IMP Changelog + Secunia Advisory SA12202 + CVE-2004-1443 + + + jaervosz + + -- cgit v1.2.3