Bug 641069 (CVE-2010-3695) - CVE-2010-3695 imp: XSS flaw in fetchmail configuration
Summary: CVE-2010-3695 imp: XSS flaw in fetchmail configuration
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2010-3695
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 641070
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-10-07 17:15 UTC by Vincent Danen
Modified: 2019-09-29 12:39 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-06 03:42:55 UTC
Embargoed:


Attachments (Terms of Use)

Description Vincent Danen 2010-10-07 17:15:41 UTC
Upstream has released a new version of IMP (4.3.8) [1] that corrects the following flaw [2],[3]:

* Fixed an XSS vulnerability in the Fetchmail configuration.

This has been assigned the name CVE-2010-3695.  The current version of IMP in Fedora is 4.3.7 and is vulnerable to this flaw.


[1] http://lists.horde.org/archives/announce/2010/000557.html
[2] http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11
[3] http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html

Comment 1 Vincent Danen 2010-10-07 17:17:02 UTC
Created imp tracking bugs for this issue

Affects: fedora-all [bug 641070]


Note You need to log in before you can comment on or make changes to this bug.