Fixes:
CVE-2010-1677: DoS when processing html messages with deep nesting
CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)
Specially crafted <base href> can lead to XSS exploit (bug id #32080)
From Christian Rueger (MAINTAINER)
Security bugfixes (surprise, surprise..):
Cross-site scripting vulnerabilities in the HTML filter were fixed.
A parsing bug was fixed where malformed address fields can cause
MHonArc to hang.
--
This version includes much improved character encoding support,
including support for Japanese, Chinese, UTF-8, and other encodings.
The flowed text conversion was improved.
There are security enhancements, mail address rewriting in message
bodies, and other new features and bugfixes.
Changelog: http://www.mhonarc.org/MHonArc/CHANGES
--
SECURITY fix:
A cross-site scripting (XSS) vulnerability has been discovered for
all versions of MHonArc up to, and including, v2.5.13. A specially
crafted HTML mail message can introduce foreign scripting content
in archives, by-passing MHonArc's HTML script filtering.
brad@ ok
--
MHonArc is a Perl mail-to-HTML converter. MHonArc provides HTML
mail archiving with index, mail thread linking, etc; plus other
capabilities including support for MIME and powerful user customization
features.