[imp] Re: [announce] IMP 3.2.5 (final)

Jan Schneider jan at horde.org
Tue Aug 17 10:53:58 PDT 2004


Quoting Federico Petronio <petrus at activesec.biz>:

> Hello...
>
> Jan Schneider wrote:
>
>> The Horde Team is pleased to announce the official release of the IMP Webmail
>> Client version 3.2.5.
>>
>> Changes in this release:
>>     - SECURITY: Closed an XSS hole in the HTML viewer, a variation to the one
>>       reported in http://www.greymagic.com/security/advisories/gm005-mc/.
>>       This vulnerability only exists when using the Internet Explorer to
>>       access IMP and only when using the inline MIME viewer for HTML messages.
>
> I would like to know if there is a security patch that only affects the
> necessary lines to close the security related bug.
>
> I am running IMP-3.2.3 with the following patch to cover the mid-June
> XSS security related bug
> <http://cvs.horde.org/diff.php/imp/lib/IMP.php?r1=1.198.2.62&r2=1.198.2.63&ty=u>

http://cvs.horde.org/diff.php/imp/lib/MIME/Viewer/html.php?r1=1.4.2.15&r2=1.4.2.17&ty=u

Jan.

--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting.php
