Upstream has released a new version of IMP (4.3.8) [1] that corrects the following flaw [2],[3]: * Fixed an XSS vulnerability in the Fetchmail configuration. This has been assigned the name CVE-2010-3695. The current version of IMP in Fedora is 4.3.7 and is vulnerable to this flaw. [1] http://lists.horde.org/archives/announce/2010/000557.html [2] http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11 [3] http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
Created imp tracking bugs for this issue Affects: fedora-all [bug 641070]