[imp] CVE-2012-0791

lst_hoe02 at kwsoft.de lst_hoe02 at kwsoft.de
Fri Feb 3 16:22:21 UTC 2012


Zitat von Jan Schneider <jan at horde.org>:

>
> Zitat von Michael M Slusarz <slusarz at horde.org>:
>
>> Quoting Suzuki Takayuki <takaboo65535 at gmail.com>:
>>
>>> Hello All,
>>>
>>> I'm using IMP H3 (4.3.10) (Horde 3 Stable Release) with my mail server
>>> and provide the service to my colleagues. As I found a vulnerability :
>>> CVE-2012-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0791
>>> , I want to apply patches to my Horde IMP for the fix.
>>>
>>> So, does someone have any plan to fix the issue in IMP H3? Though I
>>> should update to IMP H4 , I don't want it now because it may make some
>>> confusion in my colleagues.
>>> Please give me any advice.
>>
>> There are no plans to fix H3.  I do not even know if these  
>> vulnerabilities affect H3.
>
> We MUST fix this, because we still support Horde 3 with security  
> fixes. I already applied the fixes for Horde_Form and the contacts  
> popup.
> I'd appreciate if you could take a look at the other fixes for IMP.
> Jan.

Happy me :-)
If you prepare a fix release anyway please include the "language" fix  
for Firefox > 9 and IE >8. We solved it until now by simply set  
"$this->setFeature('utf');" for both Browsers but it might not be the  
smartest thing to do.

Thanks

Andreas


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.horde.org/archives/imp/attachments/20120203/c87b4863/attachment.bin>


More information about the imp mailing list