Package: imp4
Severity: important
Tags: security
It has been discovered that an Internet Explorer specific interpretation
flaw can be abused to bypass the sanitising features of IMP. Please see
http://article.gmane.org/gmane.comp.security.bugtraq/20693
for more information.
In a followup on of the upstream authors indicated that they're working
on revamping their security strategy from a black list approach (filtering
out harmful content) towards a mechanism that only permits non-harmful
HTML content, as they're unwilling to fix the IE interpretation bug of the
day.
This has been assigned CVE-2005-4080, please mention it in the changelog
when fixing this.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
