Hello,

Here is a little "ping" to know if you intend to fix this security issue[*], open since July 2007.
[*] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434045

Regards,

On Sun, Jul 22, 2007 at 09:06:48AM +0200, Gregory Colpart wrote:
> Hello,
>
> The package horde3 has an XSS vulnerability (see CVE-2007-1473 and bug #434045).
> Affected versions are:
> - sarge version (3.0.4-4sarge4)
> - etch version (3.1.3-4)
> - testing/unstable version (3.1.3-5)
>
>
> The upstream patch is trivial
> (http://bugs.horde.org/ticket/?id=4816):
>
> 8<----------------------------------
> - } elseif (!empty($lang)) {
> + } elseif (!empty($lang) && NLS::isValid($lang)) {
> 8<----------------------------------
>
>
> I prepared fixed packages:
>
> - sarge version
> http://gcolpart.evolix.net/debian/horde3/horde3_3.0.4-4sarge5.diff.gz
> http://gcolpart.evolix.net/debian/horde3/horde3_3.0.4-4sarge5.dsc
> http://gcolpart.evolix.net/debian/horde3/horde3_3.0.4-4sarge4_3.0.4-4sarge5.diff
>
> - etch version
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch1.diff.gz
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch1.dsc
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4_3.1.3-4etch1.diff
>
> - unstable version
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.4-1.diff.gz
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.4-1.dsc
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-5_3.1.4-1.diff
>
> Note that I'm a member of the pkg-horde team but I'm not a DD, so
> I am waiting for my sponsor to upload the unstable package.
>
>
> If you want to test the vulnerability, you could go to:
> http://<server>/horde3/?new_lang=%22%3E%3Cbody%20onload=%22alert%28'hello%20world'%29%3B
> (I can provide you a vulnerable URL in private if you want.)
>
>
> Information for the advisory:
>
> 8<----------------------------------
> horde3 -- XSS vulnerability
>
> Date Reported:
> ?? Jul 2007
> Affected Packages:
> horde3
> Vulnerable:
> Yes
> Security database references:
> In Mitre's CVE dictionary: CVE-2007-1473
> More information:
>
> It was discovered that the Horde web application framework has a cross-site
> scripting (XSS) vulnerability in framework/NLS/NLS.php, which allows remote
> attackers to inject arbitrary web script or HTML via the new_lang parameter.
>
> For the old stable distribution (sarge) this problem has been fixed in version
> 3.0.4-4sarge5.
>
> For the stable distribution (etch) this problem has been fixed in version
> 3.1.3-4etch1.
>
> For the unstable distribution (sid) this problem has been fixed in version
> 3.1.4-1.
>
> We recommend that you upgrade your horde3 package.
> 8<----------------------------------
>
>
> Regards,
> --
> Gregory Colpart <[EMAIL PROTECTED]> GnuPG:1024D/C1027A0E
> Evolix - Informatique et Logiciels Libres http://www.evolix.fr/

--
Gregory Colpart <[EMAIL PROTECTED]> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
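Review bot: the quoted hunk only tightens the branch condition (`NLS::isValid($lang)` added to `} elseif (!empty($lang)) {`), so whether it closes CVE-2007-1473 depends entirely on `NLS::isValid` being a strict membership test against the configured language table rather than a looser pattern check; the sink that reflects `$lang` into the page is not in the hunk, and a rejected value now silently falls through to whatever follows the `elseif`. That is fine for the XSS as long as the fallthrough path never emits the raw request value, but the reflected output should still be HTML-escaped (or the value replaced with the matched canonical key) as defence in depth. A single context-free line with no file header also makes it hard to confirm it lands in framework/NLS/NLS.php as the advisory text states; the full `@@` hunk from the upstream ticket would be worth including.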
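The quoted report describes the bug class but not the sink, so here is a constructed PHP illustration of it. This is an added example, not Horde or Debian code: the functions `selectLangVulnerable`, `selectLangFixed`, `isValidLang` and `renderHtml`, the `SUPPORTED_LANGS` list, and the `<html lang="...">` sink are all hypothetical stand-ins for the real NLS code. It shows the request value from the test URL above (URL-decoded) breaking out of a double-quoted attribute, the allow-list guard that mirrors the shape of the upstream fix, and output escaping as the second layer.

```php
<?php
// Added illustration of the reflected-XSS pattern described in the report.
// Not Horde code; every name below is a hypothetical stand-in.
declare(strict_types=1);

// Constructed allow-list standing in for a framework's configured language
// table (assumed to be what a strict NLS::isValid-style check consults).
const SUPPORTED_LANGS = ['en_US', 'fr_FR', 'de_DE', 'es_ES'];

/** Strict allow-list check: true only for an exact, configured key. */
function isValidLang(string $lang): bool
{
    return in_array($lang, SUPPORTED_LANGS, true);
}

/** Vulnerable shape: any non-empty client value is accepted as the language. */
function selectLangVulnerable(array $query, string $sessionLang): string
{
    $lang = $query['new_lang'] ?? '';
    if (!empty($lang)) {
        return $lang;            // attacker-controlled string flows to the page
    }
    return $sessionLang;
}

/** Fixed shape: the parameter is honoured only when it is a known key. */
function selectLangFixed(array $query, string $sessionLang): string
{
    $lang = $query['new_lang'] ?? '';
    if (!empty($lang) && isValidLang($lang)) {
        return $lang;
    }
    return $sessionLang;         // unknown or hostile value is ignored
}

/** Constructed page fragment; the sink is a double-quoted HTML attribute. */
function renderHtml(string $lang, bool $escape): string
{
    $value = $escape
        ? htmlspecialchars($lang, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        : $lang;
    return '<html lang="' . $value . '"><body><p>Welcome</p></body></html>';
}

// Constructed request: the payload from the test URL in the report, decoded.
$payload = '"><body onload="alert(\'hello world\');';
$query   = ['new_lang' => $payload];

// Vulnerable: the attribute is closed and a second <body onload=...> appears.
echo "vulnerable: " . renderHtml(selectLangVulnerable($query, 'en_US'), false) . "\n";
// Fixed: the hostile value is rejected and the session language is used.
echo "fixed:      " . renderHtml(selectLangFixed($query, 'en_US'), false) . "\n";
// Defence in depth: even the unvalidated value is inert once escaped.
echo "escaped:    " . renderHtml(selectLangVulnerable($query, 'en_US'), true) . "\n";
```

Validation and escaping are not interchangeable here: a language code is also used to pick locale data and translation files, so an allow-list is the right primary control, while `htmlspecialchars` at the sink covers any other path that reflects the value.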