Message-ID: <487219407.1015181285963512331.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Fri, 1 Oct 2010 16:05:12 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: Horde Gollem <1.1.2 XSS in view.php


----- "Alex Legler" <a3li@...too.org> wrote:
> 
> > Horde:
> > http://lists.horde.org/archives/announce/2010/000568.html
> >
> 
> From that link:
> >     * Fixed an XSS vulnerability in util/icon_browser.php.
> 
> CVE-2010-3077. Also fixed in Horde Application Framework 3.3.9.
> 
> >     * Fixed an XSS vulnerability in the Fetchmail configuration.
> 
> CVE n/a. Also fixed in Horde IMP 4.3.8
> Reference:
> http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11

CVE-2010-3695


> 
> >     * Fixed an XSS vulnerability when showing mailbox names.
> 
> CVE n/a. Also fixed in Horde DIMP 1.1.5
> Reference: http://bugs.horde.org/ticket/9240

CVE-2010-3693


> 
> >     * Protected preference forms against CSRF attacks.
> 
> CVE n/a. Also fixed in Horde Application Framework 3.3.9.
> Reference: http://secunia.com/advisories/39860

CVE-2010-3694


I think this is everything else. Let me know if I've missed something.

Thanks.

-- 
    JB
