[imp] Horde/IMP problem with SQL
Jeff Tucker
jeff at jltnet.com
Fri Jan 17 15:46:10 PST 2003
--On Friday, January 17, 2003 3:37 PM -0500 "George A. Theall"
<theall at tifaware.com> wrote:
> On Fri, Jan 17, 2003 at 11:23:31AM -0500, Jeff Tucker wrote:
>> The Debian security guys are reporting a security problem with IMP
>> involving SQL injection:
>> http://www.linuxsecurity.com/advisories/debian_advisory-2761.html
>>
>> I've searched through the archives of the IMP and Horde lists for the
>> last few weeks and I don't see any mention of this here.
>
> See <http://marc.theaimsgroup.com/?l=imp&m=104156581519731&w=2>, which is
> Chuck's response to the vulnerability report.
>
>> Is there a problem? Can
>> someone point me to the fix? If it was fixed months ago, I need to
>> figure out if my install of CVS from a few months ago is vulnerable or
>> not.
>
> Yes, it's a problem, but only with versions 2.2.8 and below.
>
>
> George
> --
> theall at tifaware.com
Good news, thanks. I apologize for asking something already covered on the
list. I looked through the archives, but didn't notice these messages.
Jeff
--
jeff at jltnet.com
More information about the imp
mailing list