Hello, On Wed, Jan 21, 2009 at 07:18:24PM -0600, Raphael Geissert wrote: > > The following CVE (Common Vulnerabilities & Exposures) id was published for > horde3. > > CVE-2008-5917[1]: > > Cross-site scripting (XSS) vulnerability in the XSS filter > > (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 > > and 3.3, when Internet Explorer is being used, allows remote attackers to > > inject arbitrary web script or HTML via unknown vectors related to style > > attributes. > > The changes made by upstream to fix this bug are available at [2]. > > [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5917 > http://security-tracker.debian.net/tracker/CVE-2008-5917 > [2]http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18
Note to avoid duplicate effort: I'm preparing packages/advisory. I will request upload by debian-security next week. Regards, -- Gregory Colpart <r...@evolix.fr> GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
