Moritz Naumann discovered that IMP 4, a webmail component for the Horde framework, is prone to cross-site scripting attacks by a lack of input sanitising of certain Fetchmail information. For the oldstable distribution (lenny), this problem has been fixed in version 4.2-4lenny3. For the stable distribution (squeeze), this problem has been fixed in version 4.3.7+debian0-2.1, which was already included in the squeeze release. For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 4.3.7+debian0-2.1. We recommend that you upgrade your imp4 packages.
Moritz Naumann discovered that IMP 4, a webmail component for the Horde framework, is prone to cross-site scripting attacks by a lack of input sanitising of certain Fetchmail information.
For the oldstable distribution (lenny), this problem has been fixed in version 4.2-4lenny3.
For the stable distribution (squeeze), this problem has been fixed in version 4.3.7+debian0-2.1, which was already included in the squeeze release.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 4.3.7+debian0-2.1.
We recommend that you upgrade your imp4 packages.