[24991] in bugtraq
IMP 2.2.8 (SECURITY) released
daemon@ATHENA.MIT.EDU (Brent J. Nordquist)
Mon Apr 8 13:31:40 2002
Date: Sat, 6 Apr 2002 09:02:48 -0600 (CST)
From: "Brent J. Nordquist" <bjn@horde.org>
Reply-To: "Brent J. Nordquist" <bjn@horde.org>
To: announce@lists.horde.org, <imp@lists.horde.org>
Cc: bugtraq@securityfocus.com, <lwn@lwn.net>
In-Reply-To: <Pine.LNX.4.33.0111100855360.24820-100000@kepler.acns.bethel.edu>
Message-ID: <Pine.LNX.4.44.0204060859050.13490-100000@kepler.acns.bethel.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
The Horde team announces the availability of IMP 2.2.8, which prevents
some potential cross-site scripting (CSS) attacks. Site administrators
should consider upgrading to IMP 3 (our first recommendation), but if this
is not possible, IMP 2.2.8 should be used to prevent these potential
attacks.
The Horde Project would like to thank Nuno Loureiro <nuno@eth.pt>
for discovering this problem and providing a very thorough analysis.
This release also has an update for Informix.
Download:
This release can be downloaded from the following locations:
ftp://ftp.horde.org/pub/horde/
ftp://ftp.horde.org/pub/imp/
MD5 checksums:
96ae6dcf03cab2637c14c13d556049e0 horde-1.2.8.tar.gz
9f0e442f61ce542b945016bee2736d2f imp-2.2.8.tar.gz
daa3f4f3821036d7ef47205dc2c7922c patch-horde-1.2.7-1.2.8.gz
f3ee21b6b5e40516d46cef955f29e034 patch-imp-2.2.7-2.2.8.gz
--
Brent J. Nordquist <bjn@horde.org> N0BJN / OPN: #horde
