Bug 464210 (CVE-2008-4182)
| Field | Value |
|---|---|
| Summary | CVE-2008-4182 turba / imp: XSS attack |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Josh Bressers <bressers> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | j, nb |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| URL | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4182 |
| Doc Type | Bug Fix |
| Last Closed | 2010-07-27 05:26:25 UTC |
| Bug Depends On | 464211, 464212, 464213 |

Description
Josh Bressers
2008-09-26 18:30:47 UTC
Thanks Josh, I'll take a look and hopefully push a fix tonight.

(In reply to comment #2)
> Thanks Josh, I'll take a look and hopefully push a fix tonight.

Hmm, I didn't get the fix in today. On a side note, it seems that out of the box, the latest releases also have this bug (IMP 4.3 and Turba 2.3). What's the accepted way of pushing this info upwards?

IMP part should be fixed in 4.2.1: http://lists.horde.org/archives/announce/2008/000460.html

TURBA part should be fixed in 2.2.2: http://lists.horde.org/archives/announce/2008/000461.html

imp-4.3.6-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/imp-4.3.6-1.fc11

imp-4.3.6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.

Created attachment 434358: IMP fix

Adding patch here for posterity, as the upstream site no longer provides a web interface for browsing the CVS repository; only the new Git repository is available.

Created attachment 434359: Turba fix

turba-2.3-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.

turba-2.3-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.