[Git][security-tracker-team/security-tracker][master] Reserve DLA-2348-1 for php-horde-core

Mike Gabriel sunweaver at debian.org
Sat Aug 29 16:37:19 BST 2020



Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0056003 by Mike Gabriel at 2020-08-29T17:36:49+02:00
Reserve DLA-2348-1 for php-horde-core

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -172381,7 +172381,6 @@ CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color
 	- php-horde 5.2.18+debian0-1 (bug #909739)
 	[stretch] - php-horde <no-dsa> (Minor issue)
 	- php-horde-core 2.31.3+debian0-1 (bug #909800)
-	[stretch] - php-horde-core <no-dsa> (Minor issue)
 	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
 	NOTE: https://bugs.horde.org/ticket/14857
 	NOTE: php-horde: https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Aug 2020] DLA-2348-1 php-horde-core - security update
+	{CVE-2017-16907}
+	[stretch] - php-horde-core 2.27.6+debian1-2+deb9u1
 [28 Aug 2020] DLA-2347-1 libvncserver - security update
 	{CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405}
 	[stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u5


=====================================
data/dla-needed.txt
=====================================
@@ -133,8 +133,6 @@ openexr (Adrian Bunk)
 --
 php-horde (Mike Gabriel)
 --
-php-horde-core (Mike Gabriel)
---
 php-horde-kronolith (Mike Gabriel)
 --
 php-horde-tream (Mike Gabriel)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0056003e9cd45e082727bcd1fc50104ef0b4c25

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0056003e9cd45e082727bcd1fc50104ef0b4c25
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200829/ec893b81/attachment.html>


More information about the debian-security-tracker-commits mailing list