Bug 872334 (CVE-2012-6640) - VUL-0: CVE-2012-6640: horde5-imp: XSS vulnerabilities triggered by opening malicious SVG attachments
Summary: VUL-0: CVE-2012-6640: horde5-imp: XSS vulnerabilities triggered by opening ma...
Status: RESOLVED FIXED
Alias: CVE-2012-6640
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 13.1
: P3 - Medium : Critical
Target Milestone: ---
Assignee: Ralf Lang
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/97660/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-07 12:15 UTC by Johannes Segitz
Modified: 2016-04-13 11:20 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2014-04-07 22:00:56 UTC 
bugbot adjusting priority
Comment 2 Marcus Meissner 2014-09-05 09:33:28 UTC 
a statement or fix of this would be nice, Ralf?
Comment 3 Victor Pereira 2015-02-18 13:53:46 UTC 
ping
Comment 4 Ralf Lang 2015-02-18 14:27:50 UTC 
Sorry, this got lost. 

- An updated version which is not affected exists in both server:php:applications and isv:b1-systems:Horde5:rolling
- These have also upgraded dependencies

Shall I do one "maint. request" against 13.1 with all packages which would need to be changed/added or shall I submit multiple maint. requests each for one package?
Comment 5 Johannes Segitz 2015-04-10 08:19:13 UTC 
(In reply to Ralf Lang from comment #4)
How much would you have to include in one request (which I would prefer)?
Comment 6 Johannes Segitz 2015-11-10 12:30:40 UTC 
ping. What packages would you need to include?
Comment 7 Johannes Segitz 2016-04-13 11:20:49 UTC 
fixed in all maintained versions