[imp] IMP 4.3.3 (final)

Chuck Hagenbuch chuck at horde.org
Tue Jan 27 15:36:30 UTC 2009


The Horde Team is pleased to announce the final release of the Internet
Messaging Program (IMP) version H3 (4.3.3).

This is a minor security release that fixes unescaped output in several
scripts. All users are encouraged to upgrade to this release. Thanks to Gunnar
Wrobel for finding these issues in a code audit.

IMP, the Internet Messaging Program, is one of the most popular webmail
applications available.  It allows universal, web-based access to IMAP and
POP3 mail servers and provides a full range of features normally found only in
desktop email clients.

The major changes compared to IMP version H3 (4.3.2) are:
     * SECURITY: Escape output in message.php, pgp.php and smime.php
     * Several bugfixes and minor improvements

The full list of changes (from version 4.3.2) can be viewed here:

http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.367&r2=1.699.2.376&ty=h

The IMP 4.3.3 distribution is available from the following locations:

     ftp://ftp.horde.org/pub/imp/imp-4.3.3.tar.gz
     http://ftp.horde.org/pub/imp/imp-4.3.3.tar.gz

Patches against version 4.3.2 are available at:

     ftp://ftp.horde.org/pub/imp/patches/patch-imp-4.3.2-4.3.3.gz
     http://ftp.horde.org/pub/imp/patches/patch-imp-4.3.2-4.3.3.gz

NOTE: Patches do not contain differences between files containing binary data.
These files will need to be updated via the distribution files.

Or, for quicker access, download from your nearest mirror:

     http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

     0f1ece5ca4eb3463409bc9838a27a3c2  imp-4.3.3.tar.gz
     3bb97a67671ffdd95ac8eebe17e22182  patch-imp-4.3.2-4.3.3.gz

Have fun!

The Horde Team.


More information about the imp mailing list