Your message dated Fri, 25 Nov 2005 12:02:13 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#340675: CVE-2005-3570: Cross site scripting vulnerability
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Geoff Crompton <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CVE-2005-3570: Cross site scripting vulnerability
X-Mailer: reportbug 3.8
Date: Fri, 25 Nov 2005 12:31:30 +1100

Package: horde2
Severity: grave
Justification: user security hole


Security focus http://www.securityfocus.com/bid/15409 reports an
unspecified problem with Horde.

Horde at http://www.securityfocus.com/advisories/9756 describes:
>By enticing a user to read a specially-crafted e-mail or using a
>manipulated URL, an attacker can execute arbitrary scripts running in
>the context of the victim's browser. This could lead to a compromise of
>the user's browser content.

They recommend using horde 2.2.9

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

---------------------------------------
Date: Fri, 25 Nov 2005 12:02:13 +0100
From: Ola Lundqvist <[EMAIL PROTECTED]>
To: Geoff Crompton <[EMAIL PROTECTED]>,
        [EMAIL PROTECTED]
Subject: Re: Bug#340675: CVE-2005-3570: Cross site scripting vulnerability

Version: 2.2.9-1

On Fri, Nov 25, 2005 at 12:31:30PM +1100, Geoff Crompton wrote:
> Package: horde2
> Severity: grave
> Justification: user security hole
> 
> 
> Security focus http://www.securityfocus.com/bid/15409 reports an
> unspecified problem with Horde.
> 
> Horde at http://www.securityfocus.com/advisories/9756 describes:
> >By enticing a user to read a specially-crafted e-mail or using a
> >manipulated URL, an attacker can execute arbitrary scripts running in
> >the context of the victim's browser. This could lead to a compromise of
> >the user's browser content.

There is a security issue but it can only be triggered
(as far as I understood the patch) if a fatal error occurs. Not very likely
but still it may be a problem.

> They recommend using horde 2.2.9

Horde 2.2.9 has already been uploaded to unstable and this has already
been reported in bug #338983.

Thanks anyway.

Format: 1.7
Date: Mon, 21 Nov 2005 20:03:22 +0100
Source: horde2
Binary: horde2
Architecture: source all
Version: 2.2.9-1
Distribution: unstable
Urgency: high
Maintainer: Ola Lundqvist <[EMAIL PROTECTED]>
Changed-By: Ola Lundqvist <[EMAIL PROTECTED]>
Description:
 horde2     - horde web application suite
Closes: 338983
Changes:
 horde2 (2.2.9-1) unstable; urgency=high
 .
   * New upstream release.
     This release fix a cross site scripting vulnerability (CVE-2005-3570),
     closes: #338983.
Files:
 3ef2d764423af157b6ccd03271ec287b 563 web optional horde2_2.2.9-1.dsc
 0d1a8a52ee69307fe2d687edd0b1c3c8 683026 web optional horde2_2.2.9.orig.tar.gz
 3d18604e6014112ae9f9a1dc8172dbc9 59567 web optional horde2_2.2.9-1.diff.gz
 d74d1ea1853a3213335f36719ce1958f 528996 web optional horde2_2.2.9-1_all.deb

Regards,

// Ola

> -- System Information:
> Debian Release: 3.1
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-2-686-smp
> Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
> 
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  [EMAIL PROTECTED]                     Annebergsslingan 37      \
|  [EMAIL PROTECTED]                 654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------

