Debian Security Advisory

DSA-126-1 imp -- cross-site scripting

Date Reported:

16 Apr 2002

Affected Packages:

imp

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 4444.
In Mitre's CVE dictionary: CVE-2002-0181.

More information:

A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web based IMAP mail package). This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8. The relevant patches have been back-ported to version 1.2.6-0.potato.5 of the horde package and version 2.2.6-0.potato.5 of the imp package.

This release also fixes a bug introduced by the PHP security fix from DSA-115-1: Postgres support for PHP was changed in a subtle way which broke the Postgres support from IMP.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/stable/updates/main/source/horde_1.2.6-0.potato.5.dsc; http://security.debian.org/dists/stable/updates/main/source/horde_1.2.6-0.potato.5.tar.gz; http://security.debian.org/dists/stable/updates/main/source/imp_2.2.6-0.potato.5.dsc; http://security.debian.org/dists/stable/updates/main/source/imp_2.2.6-0.potato.5.tar.gz
Architecture-independent component:: http://security.debian.org/dists/stable/updates/main/binary-all/horde_1.2.6-0.potato.5_all.deb; http://security.debian.org/dists/stable/updates/main/binary-all/imp_2.2.6-0.potato.5_all.deb

MD5 checksums of the listed files are available in the original advisory.