[imp] CVE-2012-0791

Jochen Roderburg Roderburg at uni-koeln.de
Mon Feb 6 10:49:07 UTC 2012


Zitat von Michael M Slusarz <slusarz at horde.org>:

> Quoting Jan Schneider <jan at horde.org>:
>
>> Zitat von Michael M Slusarz <slusarz at horde.org>:
>>
>>> Quoting Suzuki Takayuki <takaboo65535 at gmail.com>:
>>>
>>>> Hello All,
>>>>
>>>> I'm using IMP H3 (4.3.10) (Horde 3 Stable Release) with my mail server
>>>> and provide the service to my colleagues. As I found a vulnerability :
>>>> CVE-2012-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0791
>>>> , I want to apply patches to my Horde IMP for the fix.
>>>>
>>>> So, does someone have any plan to fix the issue in IMP H3? Though I
>>>> should update to IMP H4 , I don't want it now because it may make some
>>>> confusion in my colleagues.
>>>> Please give me any advice.
>>>
>>> There are no plans to fix H3.  I do not even know if these  
>>> vulnerabilities affect H3.
>>
>> We MUST fix this, because we still support Horde 3 with security  
>> fixes. I already applied the fixes for Horde_Form and the contacts  
>> popup.
>> I'd appreciate if you could take a look at the other fixes for IMP.
>> Jan.
>
> done
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]
>

Will this end up now in a security/bugfix release of Horde3/IMP4 etc. ?

Regards, J.Roderburg




More information about the imp mailing list