<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/479a4520d2d365c4a8972df5fc3e869e75f9dfce">479a4520</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2019-12-08T13:33:02Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update information on CVE-2019-12094 and CVE-2019-12095

In the upstream ticket[1] some issues were mentioned which need to be

combined to make the issue exploitable.

 [1]: <https://bugs.horde.org/ticket/14926>

Upstream itself agress still that up to date adding bookmarks in Trean

is not yet CSRF protected, but is of low priority as the whole attack is

not anymore explotiable after the XSS fix in Horde 5.2.21 which *should*

match the commit 81a7b5397350 ("Fix XSS vuln in the Horde Cloud

Block.")[2] Roberto C. Sanchez found. This commit is included in 5.2.21

and matches the upstream comment.

 [2]: <https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75>

Thus marking for CVE-2019-12095 the newly added src:php-horde part as

fixed with 5.2.21+debian0-1 which is the first version in Debian

unstable containing the fix.

MITRE clarifies the CVE assignment as well as follows:

        The stored XSS should be considered part of the CSRF

        vulnerability in CVE-2019-12095, with the CSRF being the

        primary vulnerability. The reflected XSS vectors are all

        covered by CVE-2019-12094.

The update to the two CVE entries should now match the respective

understandings for the CVEs.

A classification of the issues is explicitly not done with this commit.

Thanks: Roberto C. Sánchez <roberto@debian.org>

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/479a4520d2d365c4a8972df5fc3e869e75f9dfce#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/479a4520d2d365c4a8972df5fc3e869e75f9dfce">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/479a4520d2d365c4a8972df5fc3e869e75f9dfce"}}</script>

</p>

</div>

</body>

</html>