[imp] IMP 2.2.7 (SECURITY) released
Ola Lundqvist
opal@debian.org
Tue, 13 Nov 2001 13:05:02 +0100
On Tue, Nov 13, 2001 at 06:03:34AM -0600, Brent J. Nordquist wrote:
> On Tue, 13 Nov 2001, Ola Lundqvist <opal@debian.org> wrote:
>
> > What files have you changed to fix this vulnerability? Is it just
> > status.php3?
>
> Yes; it's a one-liner (attached).
It was that one. Great! Thanks.
Regards,
// Ola
> --
> Brent J. Nordquist <bjn@horde.org> N0BJN
> Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942
Content-Description: patch
> Index: status.php3
> ===================================================================
> RCS file: /repository/imp/Attic/status.php3,v
> retrieving revision 2.7.2.22
> retrieving revision 2.7.2.23
> diff -u -r2.7.2.22 -r2.7.2.23
> --- status.php3 2000/11/13 21:35:30 2.7.2.22
> +++ status.php3 2001/11/09 16:47:06 2.7.2.23
> @@ -2,10 +2,10 @@
>
> /*
>
> - File: status.php3
> + $Horde: imp/status.php3,v 2.7.2.23 2001/11/09 16:47:06 chuck Exp $
> $Author: chuck $
> - $Revision: 2.7.2.22 $
> - $Date: 2000/11/13 21:35:30 $
> + $Revision: 2.7.2.23 $
> + $Date: 2001/11/09 16:47:06 $
>
> IMP: Copyright 1998, 1999, 2000 by Charles J. Hagenbuch <chuck@horde.org>
>
> @@ -45,6 +45,7 @@
> page_close();
> if (isset($imp)) $imp->unpickle();
> $title = $lang->status_title;
> +$message = htmlspecialchars($message);
>
> /* doctype */
> require "$default->include_dir/doctype.inc";
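Review bot: the added line "$message = htmlspecialchars($message);" in the second hunk carries no comment saying why it is there, so a later cleanup could drop it as redundant; a one-line comment stating that $message is displayed in the page and must be escaped first would protect the fix. The line also overwrites $message in place, ahead of the doctype.inc require, so any code further down that expects the raw value, or that escapes it again, will produce double-encoded text; escaping at the point where the value is printed would avoid that. Called with its default arguments, htmlspecialchars leaves single quotes unescaped, which is worth checking if any template places $message inside a single-quoted attribute.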
--
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Björnkärrsgatan 5 A.11 \
| opal@lysator.liu.se 584 36 LINKÖPING |
| +46 (0)13-17 69 83 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------