Re: CVE request - horde, imp

[Ludwig Nussel <ludwig.nussel () suse de>]

Mitre was not in CC I guess the request got lost. 

Tomas Hoger wrote:
> Hi!
>
> New versions of horde and imp fix few security issues:
>
> Horde 3.2.4 and 3.3.3:
>      * SECURITY: Fix unescaped output in the tag cloud block
>      * SECURITY: Fix unvalidated Horde_Image driver name
>
> http://lists.horde.org/archives/announce/2009/000483.html
> http://lists.horde.org/archives/announce/2009/000482.html
> http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.413.2.3&r2=1.515.2.413.2.5&ty=h
>
> Patches:
> http://cvs.horde.org/diff.php/horde/services/portal/cloud_search.php?r1=1.1.2.2&r2=1.1.2.2.4.1
> http://cvs.horde.org/diff.php/framework/Image/Image.php?r1=1.39.10.17&r2=1.39.10.17.4.1
>
>
> Further details:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513265
>
>
> IMP 4.2.2 and 4.3.3:
> http://lists.horde.org/archives/announce/2009/000484.html
> http://lists.horde.org/archives/announce/2009/000485.html
> http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.301.2.1&r2=1.699.2.301.2.4&ty=h
>
> Patches:
> http://cvs.horde.org/diff.php/imp/pgp.php?r1=2.79.6.15&r2=2.79.6.15.2.1
> http://cvs.horde.org/diff.php/imp/smime.php?r1=2.48.4.12&r2=2.48.4.12.4.1
> http://cvs.horde.org/diff.php/imp/message.php?r1=2.560.4.56&r2=2.560.4.56.4.1
>
> Debian bug:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513266

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)