[25751] in bugtraq
CSS vulnerabilities in IMP 3.0
daemon@ATHENA.MIT.EDU (Brent J. Nordquist)
Thu Jun 13 10:55:27 2002
Date: Thu, 13 Jun 2002 09:01:00 -0500 (CDT)
From: "Brent J. Nordquist" <bjn@horde.org>
Reply-To: "Brent J. Nordquist" <bjn@horde.org>
To: announce@lists.horde.org, <imp@lists.horde.org>
Cc: bugtraq@securityfocus.com, <lwn@lwn.net>
In-Reply-To: <Pine.LNX.4.44.0204060859050.13490-100000@kepler.acns.bethel.edu>
Message-ID: <Pine.LNX.4.44.0206130854530.14922-100000@kepler.acns.bethel.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
This is an update to the following security notification:
On Sat, 6 Apr 2002, Brent J. Nordquist <bjn@horde.org> wrote:
> The Horde team announces the availability of IMP 2.2.8, which prevents
> some potential cross-site scripting (CSS) attacks.
> [...]
> The Horde Project would like to thank Nuno Loureiro <nuno@eth.pt>
> for discovering this problem and providing a very thorough analysis.
Sites using IMP 3.0 should note that IMP 3.0 is also vulnerable to these
attacks, but IMP 3.1 (final released this week) is not. Therefore, IMP
3.0 users are encouraged to upgrade to IMP 3.1 to prevent these potential
attacks.
IMP 3.1 can be downloaded from the following location (Horde 2.0 does not
need to be upgraded; it will work with IMP 3.1):
ftp://ftp.horde.org/pub/imp/
MD5 checksums:
MD5 (imp-3.1.tar.gz) = 73ff42a32e3ee3617fd411be356cb70f
MD5 (patch-imp-3.0-3.1.gz) = a7c9330ab1df2cd727c4aeb858138821
--
Brent J. Nordquist <bjn@horde.org> N0BJN
Other contact information: http://www.nordist.net/contact.html
