[imp] CVE-2012-0791

Jan Schneider jan at horde.org
Mon Feb 6 11:15:27 UTC 2012


Zitat von Jochen Roderburg <Roderburg at uni-koeln.de>:

> Zitat von Michael M Slusarz <slusarz at horde.org>:
>
>> Quoting Jan Schneider <jan at horde.org>:
>>
>>> Zitat von Michael M Slusarz <slusarz at horde.org>:
>>>
>>>> Quoting Suzuki Takayuki <takaboo65535 at gmail.com>:
>>>>
>>>>> Hello All,
>>>>>
>>>>> I'm using IMP H3 (4.3.10) (Horde 3 Stable Release) with my mail server
>>>>> and provide the service to my colleagues. As I found a vulnerability :
>>>>> CVE-2012-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0791
>>>>> , I want to apply patches to my Horde IMP for the fix.
>>>>>
>>>>> So, does someone have any plan to fix the issue in IMP H3? Though I
>>>>> should update to IMP H4 , I don't want it now because it may make some
>>>>> confusion in my colleagues.
>>>>> Please give me any advice.
>>>>
>>>> There are no plans to fix H3.  I do not even know if these  
>>>> vulnerabilities affect H3.
>>>
>>> We MUST fix this, because we still support Horde 3 with security  
>>> fixes. I already applied the fixes for Horde_Form and the contacts  
>>> popup.
>>> I'd appreciate if you could take a look at the other fixes for IMP.
>>> Jan.
>>
>> done
>>
>> ___________________________________
>> Michael Slusarz [slusarz at horde.org]
>>
>
> Will this end up now in a security/bugfix release of Horde3/IMP4 etc. ?

Yes.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/



More information about the imp mailing list