Date: Sat, 21 Jan 2012 16:52:56 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- Horde IMP -- Multiple XSS flaws
 fixed in v5.0.18

On 01/21/2012 03:44 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
>   Multiple XSS flaws were addressed in the v5.0.18 version of Horde IMP
> (from [1]):
>
> "[mms] SECURITY: Fix XSS vulnerabilities on the compose page (traditional
> view), the contacts popup window, and with certain IMAP mailbox names."
>
> References:
> [1] http://www.horde.org/apps/imp/docs/CHANGES
> [2] http://www.horde.org/apps/imp/docs/RELEASE_NOTES
> [3] http://secunia.com/advisories/47580
> [4] https://bugs.gentoo.org/show_bug.cgi?id=399563
>
> Upstream patches:
> [5] https://github.com/horde/horde/commit/41136ea893b3d5a84c6228a552f8e211c90f58de
>     (multiple XSS flaws)
>
> [6] https://github.com/horde/horde/commit/208eae43c95136a67104f760027a8892a22b6e25
>     (XSS in email validation)
>
> Could you allocate CVE ids for these? (two should be enough, one for
> the multiple XSS flaws patch and one for XSS in email validation patch)
>
> Thank you && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team
Please use CVE-2012-0791 for this issue.

-- Kurt Seifried / Red Hat Security Response Team
