Debian alert DLA-1535-1 (php-horde)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1535-1] php-horde security update | |
| Date: | Mon, 8 Oct 2018 00:06:21 +0200 | |
| Message-ID: | <0a21f3a7-4f72-ff45-8783-299f4f7449b0@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : php-horde Version : 5.2.1+debian0-2+deb8u4 CVE ID : CVE-2017-16907 Debian Bug : 909739 It was discovered that the Horde Application Framework written in PHP was affected by a Cross-site scripting vulnerability via the Color field in a Create Task List action. This may be used by attackers to bypass access controls. For Debian 8 "Jessie", this problem has been fixed in version 5.2.1+debian0-2+deb8u4. We recommend that you upgrade your php-horde packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlu6g1xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeT23g/7B+eJYcx1NsE0NrYxg+1fafj6bP05hyXp2N26B/C5KPGpVqMzvuPX9IK2 M9YPoC11gujHhGOYnp/atYrJlkzdmp/UppAbdOojCYp+HUPQPiz3GxFM9d3cwfHk LijVQFl2rLEkK5qwF13fs4EHJimaResAJ6FhuoIUvf1nFrI/UHZn4wAkc7Q7sj06 BaWZO9XaQhNwUmGdl0YbsTer1/Td0aHm75+ZrTABo+aPno+UBt5UKkJEiVSePbiq 8KD94RihpPXy1QOA9POEMd7ENYVhl4fBpo7Ho/CgyBk6uz17bfuALPEhtVftziK3 mgs3Ho0+Gyh0c3Q+nDa9cz8j9dJHJ+zUcbHvuOo1lCFTNJtuoCdC12mVf0CiKmhs ZJK7Y4Wcl+IjxUDQCq+GS33er19UURtB7z1BjqcPs1cliANKWcNvpyxa/jOvySML 1Cqo1eHPQ1fYvlr6bZwDeTOP+epwCeV6olsWXGs6S34MsTgOtocnAnRvZtAA4nlB hay34/7kH5dS4OGrADQ5HbGeiU66BakPuj76zDfCGwYJsFLkFIb/H0ta4RoDcApA sDXrYiErby3TfOgSoChEZ1x9fLrCNQfk2dFdEcqm+aWnnjJFpjPK8Afm5lRtOUDC 2dDCmfgh07XyvpWuPTrQN+h7ml1WDDHYMCJbq+08Lk+nwJpPe6g= =qfks -----END PGP SIGNATURE-----