Sicherheit: Cross-Site Scripting in php-horde-ingo
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in php-horde-ingo
ID: FEDORA-2015-a381facfd9
Distribution: Fedora
Plattformen: Fedora 21
Datum: Do, 5. November 2015, 08:46
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=1277410
Applikationen: php-horde-ingo


Name        : php-horde-ingo
Product : Fedora 21
Version : 3.2.7
Release : 1.fc21
URL : http://www.horde.org/apps/ingo
Summary : An email filter rules manager
Description :
Ingo is an email-filter management application. It is fully
internationalized, integrated with Horde and the IMP Webmail client, and
supports both server-side (Sieve, Procmail, Maildrop) and client-side
(IMAP) message filtering.

Update Information:

**horde 5.2.8** * [mjr] SECURITY: Protect against CSRF attacks on various
pages. * [jan] Don't apply access keys to checkbox and radiobox rows in the
sidebar (Bug #14103). * [jan] Send correct MIME type for non-statically cached
javascript files. * [mjr] Added configuration support for version 2 of
WorldWeatherOnline's API. **ingo 3.2.7** * [jan] Update Italian
translation. * [mjr] Add database migration for fixing corrupt rule ordering. *
[mjr] Fix corruption of rule order when reordering rules in certain cases.
**imp 6.2.11** * [mjr] Request that the contacts API only consider email
when detecting duplicates during automatic saving of attendees to the address
book (Bug #14119). * [jan] Don't show 'Create Keys' button if
creating PGP keys
is disabled (steffen.hau@rz.uni-mannheim.de, Request #14096). * [mjr] Fix
displaying iTips with certain locale/date_format preference combinations (Bug
#14076). **passwd 5.0.4** * [mjr] Fix changing password using Kolab driver
(Mike Gabriel).

[ 1 ] Bug #1277410 - php-horde-horde: Multiple CSRF vulnerabilities

This update can be installed with the "yum" update program. Use
su -c 'yum update php-horde-ingo' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten