[imp] IMP 2.2.7 (SECURITY) released

Ola Lundqvist opal@debian.org
Tue, 13 Nov 2001 13:05:02 +0100


On Tue, Nov 13, 2001 at 06:03:34AM -0600, Brent J. Nordquist wrote:
> On Tue, 13 Nov 2001, Ola Lundqvist <opal@debian.org> wrote:
> 
> > What files have you changed to fix this vulnerability? Is it just
> > status.php3?
> 
> Yes; it's a one-liner (attached).

It was that one. Great! Thanks.

Regards,

// Ola

> -- 
> Brent J. Nordquist <bjn@horde.org> N0BJN
> Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942

Content-Description: patch
> Index: status.php3
> ===================================================================
> RCS file: /repository/imp/Attic/status.php3,v
> retrieving revision 2.7.2.22
> retrieving revision 2.7.2.23
> diff -u -r2.7.2.22 -r2.7.2.23
> --- status.php3	2000/11/13 21:35:30	2.7.2.22
> +++ status.php3	2001/11/09 16:47:06	2.7.2.23
> @@ -2,10 +2,10 @@
>  
>  /*
>   
> - File: status.php3
> + $Horde: imp/status.php3,v 2.7.2.23 2001/11/09 16:47:06 chuck Exp $
>   $Author: chuck $
> - $Revision: 2.7.2.22 $
> - $Date: 2000/11/13 21:35:30 $
> + $Revision: 2.7.2.23 $
> + $Date: 2001/11/09 16:47:06 $
>   
>   IMP: Copyright 1998, 1999, 2000 by Charles J. Hagenbuch <chuck@horde.org>
>   
> @@ -45,6 +45,7 @@
>  page_close();
>  if (isset($imp)) $imp->unpickle();
>  $title = $lang->status_title;
> +$message = htmlspecialchars($message);
>  
>  /* doctype */
>  require "$default->include_dir/doctype.inc";
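
Review bot: the added `$message = htmlspecialchars($message);` line overwrites the variable in place with no comment saying why, and it calls htmlspecialchars() with no quote-style argument, which by default leaves single quotes unencoded. If the included templates ever place $message inside a single-quoted attribute, pass ENT_QUOTES. A one-line comment noting that $message is untrusted input escaped for HTML output would keep the line from being dropped in a later cleanup. Any code further down that uses $message outside an HTML context will now see the encoded form, so escaping at the point of output, or into a separate variable, would be safer.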


-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------