New versions of imp fix one security issue: IMP 4.2.2 and 4.3.3: * SECURITY: Escape output in message.php, pgp.php and smime.php http://lists.horde.org/archives/announce/2009/000484.html http://lists.horde.org/archives/announce/2009/000485.html http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.301.2.1&r2=1.699.2.301.2.4&ty=h Patches: http://cvs.horde.org/diff.php/imp/pgp.php?r1=2.79.6.15&r2=2.79.6.15.2.1 http://cvs.horde.org/diff.php/imp/smime.php?r1=2.48.4.12&r2=2.48.4.12.4.1 http://cvs.horde.org/diff.php/imp/message.php?r1=2.560.4.56&r2=2.560.4.56.4.1 Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513266
IMP 4.3.4 is in F12 and later. F11 still has 4.2 and should still be affected.