[imp] Re: [announce] IMP 3.2.5 (final)
Jan Schneider
jan at horde.org
Tue Aug 17 10:53:58 PDT 2004
Zitat von Federico Petronio <petrus at activesec.biz>:
> Hello...
>
> Jan Schneider wrote:
>
>> The Horde Team is pleased to announce the official release of the
>> IMP Webmail
>> Client version 3.2.5.
>>
>> Changes in this release:
>> - SECURITY: Closed an XSS hole in the HTML viewer, a variation
>> to the one
>> reported in http://www.greymagic.com/security/advisories/gm005-mc/.
>> This vulnerability only exists when using the Internet Explorer to
>> access IMP and only when using the inline MIME viewer for HTML
>> messages.
>
> I would like to know if there is a security patch that only affect the
> necessary lines to close the security related bug.
>
> I am running IMP-3.2.3 with the following patch to cover the mid-june
> XSS security related bug
> <http://cvs.horde.org/diff.php/imp/lib/IMP.php?r1=1.198.2.62&r2=1.198.2.63&ty=u>
http://cvs.horde.org/diff.php/imp/lib/MIME/Viewer/html.php?r1=1.4.2.15&r2=1.4.2.17&ty=u
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting.php
More information about the imp
mailing list