[imp] Horde/IMP problem with SQL
George A. Theall
theall at tifaware.com
Fri Jan 17 15:37:11 PST 2003
On Fri, Jan 17, 2003 at 11:23:31AM -0500, Jeff Tucker wrote:
> The Debian security guys are reporting a security problem with IMP
> involving SQL injection:
> http://www.linuxsecurity.com/advisories/debian_advisory-2761.html
>
> I've searched through the archives of the IMP and Horde lists for the last
> few weeks and I don't see any mention of this here.
See <http://marc.theaimsgroup.com/?l=imp&m=104156581519731&w=2>, which is
Chuck's response to the vulnerability report.
> Is there a problem? Can
> someone point me to the fix? If it was fixed months ago, I need to figure
> out if my install of CVS from a few months ago is vulnerable or not.
Yes, it's a problem, but only with versions 2.2.8 and below.
George
--
theall at tifaware.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://lists.horde.org/archives/imp/attachments/20030117/46c18914/attachment.bin
More information about the imp
mailing list