diff options
| author | remko <remko@FreeBSD.org> | 2005-11-26 18:54:21 +0800 |
|---|---|---|
| committer | remko <remko@FreeBSD.org> | 2005-11-26 18:54:21 +0800 |
| commit | 2aee599027fa199ef3b5a3d54ca5a1745e1cc2b7 (patch) | |
| tree | 68588ffdc9e06e3b0535c5953df1b0a64e118b85 | |
| parent | 54a4471c56d029007503a6f60c9fcfa53034bb27 (diff) | |
| download | freebsd-ports-gnome-2aee599027fa199ef3b5a3d54ca5a1745e1cc2b7.tar.gz freebsd-ports-gnome-2aee599027fa199ef3b5a3d54ca5a1745e1cc2b7.tar.zst freebsd-ports-gnome-2aee599027fa199ef3b5a3d54ca5a1745e1cc2b7.zip | |
Standarize the horde -- Cross site scripting vulnerabilities in MIME
viewers entry as per the FDP-primer and the vuxml layout (topic).
Also correct the qpopper vulnerability to match 4.0 and above since
the 2.x range is listed as affected at the moment but has an entirely
different base. After checking it appears that the information all
point to >= 4.0. [1]
Noticed by: ache [1]
| -rw-r--r-- | security/vuxml/vuln.xml | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 16039d33a8aa..a4046eb11a4e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -36,7 +36,7 @@ Note: Please add new entries to the beginning of this file. <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> <vuln vid="873a6542-5b8d-11da-b96e-000fb586ba73"> - <topic>Horde -- Cross site scripting vulnerabilities in MIME viewers.</topic> + <topic>horde -- Cross site scripting vulnerabilities in MIME viewers.</topic> <affects> <package> <name>horde</name> @@ -48,23 +48,28 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Annouce of Horde 3.0.7 (final):</p> <blockquote cite="http://lists.horde.org/archives/announce/2005/000232.html"> - <p>This [3.0.7] is a security release that fixes cross site scripting vulnerabilities in - two of Horde's MIME viewers. These holes could for example be exploited by an - attacker sending specially crafted emails to Horde's webmail client IMP. The - attack could be used to steal users' identity information, taking over users' - sessions, or changing users' settings.</p> - <p>As a hotfix the css and tgz MIME drivers can be disabled by removing their - entries from the $mime_drivers_map['horde']['registered'] list in - horde/config/mime_drivers.php.</p> + <p>This [3.0.7] is a security release that fixes cross site + scripting vulnerabilities in two of Horde's MIME viewers. These + holes could for example be exploited by an attacker sending + specially crafted emails to Horde's webmail client IMP. The + attack could be used to steal users' identity information, taking + over users' sessions, or changing users' settings.</p> + <p>As a hotfix the css and tgz MIME drivers can be disabled by + removing their entries from the + $mime_drivers_map['horde']['registered'] list in + horde/config/mime_drivers.php.</p> </blockquote> </body> </description> <references> + <bid>15535</bid> + <cvename>CVE-2005-3759</cvename> <url>http://lists.horde.org/archives/announce/2005/000232.html</url> </references> <dates> <discovery>2005-11-22</discovery> <entry>2005-11-22</entry> + <modified>2005-11-26</modified> </dates> </vuln> @@ -249,7 +254,7 @@ Note: Please add new entries to the beginning of this file. <affects> <package> <name>qpopper</name> - <range><le>4.0.5</le></range> + <range><ge>4.0</ge><le>4.0.5</le></range> </package> </affects> <description> @@ -273,6 +278,7 @@ Note: Please add new entries to the beginning of this file. <dates> <discovery>2005-05-26</discovery> <entry>2005-11-07</entry> + <modified>2005-11-26</modified> </dates> </vuln> |