[Bug 306536] [NEW] CVE-2008-2379 insufficient input sanitising
Reinhard Tartler
siretart at tauware.de
Tue Dec 9 14:01:35 UTC 2008
Public bug reported:
Binary package hint: squirrelmail
------------------------------------------------------------------------
Debian Security Advisory DSA-168201 security_at_debian.org
http://www.debian.org/security/ Thijs Kinkhorst
December 07, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : squirrelmail
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2379
Ivan Markovic discovered that SquirrelMail, a webmail application, did not
sufficiently sanitise incoming HTML email, allowing an attacker to perform
cross site scripting through sending a malicious HTML email.
For the stable distribution (etch), this problem has been fixed in
version 1.4.9a-3.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.15-4.
We recommend that you upgrade your squirrelmail package.
** Affects: squirrelmail (Ubuntu)
Importance: Undecided
Status: New
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2379
--
CVE-2008-2379 insufficient input sanitising
https://bugs.launchpad.net/bugs/306536
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs