Advertisements

 Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues

Thursday, 15 March 2007

The Horde Team is pleased to announce the final release of the IMP Webmail
Client version H3 (4.1.4).

This is a bugfix release that also fixes two cross site scripting
vulnerabilities.

Many thanks to the "Immerda Project Group" (http://www.immmerda.ch) and Moritz
Naumann (http://moritz-naumann.com/) for reporting these problems and working
with us to test the fixes.

IMP, the Internet Messaging Program, is one of the most popular webmail
applications available. It allows universal, web-based access to IMAP and POP3
mail servers and provides a full range of features normally found only in
desktop email clients.

Major changes compared to the IMP H3 (4.1.4-RC1) version are:
* Fixed XSS vulnerabilities in the search screen and thread view.
* Improved displaying of PGP messages.
* Fixed IMAP filtering.

Major changes compared to the IMP H3 (4.1.3) version are:
* Turned mailto: links in HTML emails into IMP compose links.
* Small improvements to the iCalendar/iTip handler.
* Improved compatibility with Internet Explorer 7.
* Several small bug fixes and improvements.
* Updated Brazilian Portuguese, Catalan, Dutch, German, Portuguese and
Traditional Chinese translations.

The full list of changes (from version H3 (4.1.3)) can be viewed here:

http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.206&r2=1.699.2.232&ty=h

The IMP H3 (4.1.4) distribution is available from the following locations:

ftp://ftp.horde.org/pub/imp/imp-h3-4.1.4.tar.gz
http://ftp.horde.org/pub/imp/imp-h3-4.1.4.tar.gz

Patches against version H3 (4.1.3) are available at:

ftp://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.1.3-h3-4.1.4.gz
http://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.1.3-h3-4.1.4.gz

Or, for quicker access, download from your nearest mirror:

http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

dd2fd1c5a2a4b9fae75dd1bc5751f25d imp-h3-4.1.4.tar.gz
3e19dc0a0f90c08dfba1f7e7575be61c patch-imp-h3-4.1.3-h3-4.1.4.gz

Have fun!
The Horde Team.

Original advisory:
http://lists.horde.org/archives/announce/2007/000316.html



Share this content:
        
Advertisements
Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.