[pkg-horde] CVE-2007-1515: imp4/etch not vulnerable
Gregory Colpart
reg at evolix.fr
Mon Sep 24 10:31:10 UTC 2007
On Mon, Sep 24, 2007 at 12:01:07PM +0200, Thijs Kinkhorst wrote:
> On Mon, September 24, 2007 09:42, Gregory Colpart wrote:
> > I report that imp4/etch is *not* vulnerable to
> > CVE-2007-1515 (corrected in #415117). I add CVE-id to imp4's
> > changelog in our GNU Arch repository but I mention it here because no
> > upload is expected in the next weeks.
>
> Thanks for letting us know. Could you briefly say why it's not vulnerable,
> e.g. the vulnerable code is not in that version, or some other reason?
You probably saw the answer of Nico Golde, but I give you more
details here: a patch[*] for this issue was applied in imp4
4.1.3-4 (the version currently in etch). This patch is a backport of
upstream security changes.
[*] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=22;filename=imp-XSS-fix.patch;att=1;bug=415117
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/