Oval Definition:	oval:org.mitre.oval:def:13021
Revision Date: 2014-06-23 Version: 20 Title: DSA-1829-1 sork-passwd-h3 -- insufficient input sanitising Description: It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter. For the oldstable distribution, this problem has been fixed in version 3.0-2+etch1. For the stable distribution, this problem has been fixed in version 3.0-2+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.1-1.1. We recommend that you upgrade your sork-passwd-h3 packages. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2009-2360 DSA-1829-1 Platform(s): Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 Product(s): sork-passwd-h3 Definition Synopsis Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND sork-passwd-h3 DPKG is earlier than 3.0-2+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND sork-passwd-h3 DPKG is earlier than 3.0-2+etch1
BACK