Lucene search

GoogleOSV:DSA-700-1

HistoryMar 30, 2005 - 12:00 a.m.

mailreader - missing input sanitising

2005-03-3000:00:00

Google

osv.dev

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Ulf HĂ¤rnhammar from the Debian Security Audit Project discovered a
cross-site scripting problem in mailreader, a simple, but powerful WWW
mail reader system, when displaying messages of the MIME types
text/enriched or text/richtext.

For the stable distribution (woody) this problem has been fixed in
version 2.3.29-5woody2.

For the unstable distribution (sid) this problem has been fixed in
version 2.3.29-11.

We recommend that you upgrade your mailreader package.

CPENameOperatorVersion
mailreadereq2.3.29-5woody1

CPE	Name	Operator	Version
	mailreader	eq	2.3.29-5woody1

References

www.debian.org/security/2005/dsa-700

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for OSV:DSA-700-1