Severity 342654 wishlist
thanks

Hi

I do not fully understand this. As I understand this article at gmane.org,
this is an IE bug. Fixing this in horde does not give much effect as it is
just as simple to trigger this bug in any html page anywhere else.

Horde/imp could of course fix this by filtering it out but it is actually
not a bug in horde/imp.

Therefore I decide to lower the severity to wishlist but with the security
tag still there.

Thanks anyway for reporting this issue.

Regards,

// Ola

On Fri, Dec 09, 2005 at 10:31:39AM +0100, Moritz Muehlenhoff wrote:
> Package: imp4
> Severity: important
> Tags: security
>
> It has been discovered that an Internet Explorer specific interpretation
> flaw can be abused to bypass the sanitising features of IMP. Please see
> http://article.gmane.org/gmane.comp.security.bugtraq/20693
> for more information.
>
> In a followup one of the upstream authors indicated that they're working
> on revamping their security strategy from a black list approach (filtering
> out harmful content) towards a mechanism that only permits non-harmful
> HTML content, as they're unwilling to fix the IE interpretation bug of the
> day.
>
> This has been assigned CVE-2005-4080, please mention it in the changelog
> when fixing this.
>
> Cheers,
>         Moritz
>
> -- System Information:
> Debian Release: testing/unstable
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.14-2-686
> Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
>
>

-- 
 --------------------- Ola Lundqvist ---------------------------
/  [EMAIL PROTECTED]                   Annebergsslingan 37      \
|  [EMAIL PROTECTED]                   654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994  0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------