[imp] Re: [announce] IMP 3.2.5 (final)

Federico Petronio petrus at activesec.biz
Tue Aug 17 09:57:16 PDT 2004


Hello...

Jan Schneider wrote:

> The Horde Team is pleased to announce the official release of the IMP Webmail
> Client version 3.2.5.
> 
> Changes in this release:
>     - SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one
>       reported in http://www.greymagic.com/security/advisories/gm005-mc/.
>       This vulnerability only exists when using the Internet Explorer to
>       access IMP and only when using the inline MIME viewer for HTML messages.

I would like to know if there is a security patch that only affect the
necessary lines to close the security related bug.

I am running IMP-3.2.3 with the following patch to cover the mid-june
XSS security related bug
<http://cvs.horde.org/diff.php/imp/lib/IMP.php?r1=1.198.2.62&r2=1.198.2.63&ty=u>


Thank you...
-- 
                                         Federico Petronio
                                         petrus at activesec.biz




More information about the imp mailing list