[imp] Horde/IMP problem with SQL

George A. Theall theall at tifaware.com
Fri Jan 17 15:37:11 PST 2003


On Fri, Jan 17, 2003 at 11:23:31AM -0500, Jeff Tucker wrote:
> The Debian security guys are reporting a security problem with IMP 
> involving SQL injection:
> http://www.linuxsecurity.com/advisories/debian_advisory-2761.html
> 
> I've searched through the archives of the IMP and Horde lists for the last 
> few weeks and I don't see any mention of this here. 

See <http://marc.theaimsgroup.com/?l=imp&m=104156581519731&w=2>, which is
Chuck's response to the vulnerability report.

> Is there a problem? Can 
> someone point me to the fix? If it was fixed months ago, I need to figure 
> out if my install of CVS from a few months ago is vulnerable or not.

Yes, it's a problem, but only with versions 2.2.8 and below. 


George
-- 
theall at tifaware.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://lists.horde.org/archives/imp/attachments/20030117/46c18914/attachment.bin


More information about the imp mailing list