Package: imp4
Version: 4.0.2-1
Severity: grave
Tags: security
Justification: security hole when package used
Upstream changelog of new version says:
This (..) fixes two cross site scripting vulnerabilities.
Major changes compared to the IMP H3 (4.1.4-RC1) version are:
* Fixed XSS vulnerabilities in the search screen and thread view.
Sarge may or may not be vulnerable, I haven't checked yet.x
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
