[imp] Re: [announce] IMP 3.2.5 (final)
Federico Petronio
petrus at activesec.biz
Tue Aug 17 09:57:16 PDT 2004
Hello...
Jan Schneider wrote:
> The Horde Team is pleased to announce the official release of the IMP Webmail
> Client version 3.2.5.
>
> Changes in this release:
> - SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one
> reported in http://www.greymagic.com/security/advisories/gm005-mc/.
> This vulnerability only exists when using the Internet Explorer to
> access IMP and only when using the inline MIME viewer for HTML messages.
I would like to know if there is a security patch that only affect the
necessary lines to close the security related bug.
I am running IMP-3.2.3 with the following patch to cover the mid-june
XSS security related bug
<http://cvs.horde.org/diff.php/imp/lib/IMP.php?r1=1.198.2.62&r2=1.198.2.63&ty=u>
Thank you...
--
Federico Petronio
petrus at activesec.biz
More information about the imp
mailing list