Bug 490928 (CVE-2009-0930) - CVE-2009-0930 imp: multiple XSS vulnerabilities
Summary: CVE-2009-0930 imp: multiple XSS vulnerabilities
Status: CLOSED ERRATA
Alias: CVE-2009-0930
Product: Security Response
Classification: Other
Component: vulnerability   
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard: impact=moderate,source=cve,reported=2...
Keywords: Security
Depends On: 544430
Blocks:
Reported: 2009-03-18 15:43 UTC by Vincent Danen
Modified: 2016-03-04 10:41 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-04-02 10:44:25 UTC

Comment 1 Vincent Danen 2009-03-18 15:45:40 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0930 to
the following vulnerability:

Name: CVE-2009-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0930
Assigned: 20090317
Reference: MLIST:[announce] 20090127 IMP 4.2.2 (final)
Reference: URL: http://lists.horde.org/archives/announce/2009/000484.html
Reference: MLIST:[announce] 20090127 IMP 4.3.3 (final)
Reference: URL: http://lists.horde.org/archives/announce/2009/000485.html
Reference: CONFIRM: http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3
Reference: CONFIRM: http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375
Reference: BID:33492
Reference: URL: http://www.securityfocus.com/bid/33492
Reference: SECUNIA:33719
Reference: URL: http://secunia.com/advisories/33719

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP
before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web
script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php,
and (3) message.php.

Comment 3 Vincent Danen 2009-12-04 21:06:41 UTC
Fedora 12 contains 4.3.4, so has this fix.  Fedora 10 and 11 contain 4.2 and are still vulnerable to this issue.

Comment 5 Fedora Update System 2010-03-29 18:42:22 UTC
imp-4.3.6-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/imp-4.3.6-1.fc11

Comment 6 Fedora Update System 2010-04-01 01:45:57 UTC
imp-4.3.6-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

