horde3 (3.1.3-4etch5) oldstable-security; urgency=high * Backport a patch from Horde upstream to fix an IE-only hole in XSS filter (See CVE-2008-5917 for more information). (Closes: #512592) * Backport a patch from Horde upstream to fix a file inclusion issue in Horde_Image driver name (Image/Image.php). (Closes: #513265) * Fix small XSS/unescaped output vulnerability in services/obrowser/index.php (see CVE-2008-3330 for more informations). (Closes: #492578)
-- Gregory Colpart <r...@debian.org> Thu, 29 Jan 2009 03:17:37 +0100 ** Changed in: horde3 (Debian) Importance: Unknown => Undecided ** Changed in: horde3 (Debian) Status: Fix Committed => New ** Changed in: horde3 (Debian) Remote watch: Debian Bug tracker #492578 => None ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3330 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5917 ** Changed in: horde3 (Debian) Status: New => Fix Released -- Horde3 CVE-2008-3330 XSS https://bugs.launchpad.net/bugs/252475 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs