Page 4 of 4

Re: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

Posted: Mon Feb 12, 2018 8:33 am
by Klug
Hello David (nice first name, you can trust me on that) and welcome on the forum.

Thank you for the clarifications and fixes about the patch and release notes.

I still cannot access, with my bugzilla account, bugs #108265 or #107925 (the two I've tried).

Re: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

Posted: Tue Feb 13, 2018 1:13 pm
by David Bingham
Klug wrote:
I still cannot access, with my bugzilla account, bugs #108265 or #107925 (the two I've tried).


In many cases where the bug report includes details of an exploit, as for those two, publication before people have had a chance to patch or upgrade isn't responsible. Now that we have the fixes for those two available in all supported versions, we will be able to open them up, after a sufficient delay (30 days) for folks to patch or upgrade.

Cheers,
David. (yeah, it's a cool name!)

Re: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

Posted: Mon Feb 19, 2018 2:06 pm
by eloy.fernandez
David Bingham wrote:
Klug wrote:
I still cannot access, with my bugzilla account, bugs #108265 or #107925 (the two I've tried).


In many cases where the bug report includes details of an exploit, as for those two, publication before people have had a chance to patch or upgrade isn't responsible. Now that we have the fixes for those two available in all supported versions, we will be able to open them up, after a sufficient delay (30 days) for folks to patch or upgrade.

Cheers,
David. (yeah, it's a cool name!)


Hi David, any idea when 8.7.11_Patch1 will be released?