Mandriva issued this advisory on January 10:
http://lists.mandriva.com/security-announce/2011-01/msg00004.php
Our package in Cauldron is also in need of an update.
Hi, thanks for reporting this bug. As there is no maintainer for this package, I added the committers in CC. (Please set the status to 'assigned' if you are working on it.) Maybe we should drop this one...
CC: (none) => ennael1
Fixed in mga 1 and cauldron.
Pushed in the BS.
CC: (none) => dmorganec
Assignee: bugsquad => qa-bugs
Testing complete on i586 for the srpm mhonarc-2.6.18-0.1.mga1.src.rpm
Just testing that the program works. I used
mhonarc -outdir /tmp /home/dave/.opera/mail/store/account18/*/*/*/*
to index around 30,000 messages viewable by thread with file://localhost/tmp/threads.html or by date with file://localhost/tmp/maillist.html
CC: (none) => davidwhodgins
Ok for me too on x86_64
mhonarc -outdir . ../.local/share/evolution/mail/imap/*/folders/ml/subfolders/*/*
Testing complete.

Suggested Advisory:
-------------
This update addresses the following CVE:
- CVE-2010-1677 MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.
- CVE-2010-4524 Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.
https://bugs.mageia.org/show_bug.cgi?id=3997
-------------
SRPM: mhonarc-2.6.18-0.1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates
Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
update pushed
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
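
Added example, not part of the original thread and not MHonArc's code: a simplified Python model of a tag-stripping filter, showing why the nested sequences quoted in the suggested advisory defeat a single removal pass, and a bounded repeat-until-stable variant that also limits CPU use. The blocklist, function names and pass limit are assumptions made for illustration; the sample inputs are constructed from the sequences in the advisory.

```python
import html
import re

# Constructed sample inputs built from the sequences quoted in the advisory.
NESTED_SCRIPT = "<scr<body>ipt>x</scr<body>ipt>"
NESTED_BODY = "<bo<bo<bo<bo<body>dy>dy>dy>dy>"

# Hypothetical blocklist for this model; not MHonArc's actual tag list.
BLOCKED = re.compile(r"</?(?:script|body)\b[^<>]*>", re.IGNORECASE)


def strip_once(text):
    """Naive filter: one removal pass. Deleting the inner tag splices the
    surrounding fragments together, which can form a new blocked tag."""
    return BLOCKED.sub("", text)


def strip_to_fixed_point(text, max_passes=8):
    """Repeat the removal until the text stops changing. The hard cap on
    passes keeps deeply nested input from consuming unbounded CPU time.
    Returns None when the cap is reached before the text is stable."""
    for _ in range(max_passes):
        cleaned = BLOCKED.sub("", text)
        if cleaned == text:
            return cleaned
        text = cleaned
    return None


def render_safely(text, max_passes=8):
    """Strip blocked tags; if the input does not stabilise within the cap,
    escape the whole input rather than emit partially filtered markup."""
    cleaned = strip_to_fixed_point(text, max_passes)
    return cleaned if cleaned is not None else html.escape(text)


if __name__ == "__main__":
    print("single pass  :", strip_once(NESTED_SCRIPT))
    print("fixed point  :", strip_to_fixed_point(NESTED_SCRIPT))
    print("cap exceeded :", render_safely(NESTED_BODY, max_passes=3))
```
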