[Git][security-tracker-team/security-tracker][master] Reserve DLA-2350-1 for php-horde-kronolith

Mike Gabriel sunweaver at debian.org
Sat Aug 29 20:36:47 BST 2020 


Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92bcaa0a by Mike Gabriel at 2020-08-29T21:36:13+02:00
Reserve DLA-2350-1 for php-horde-kronolith

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -172371,7 +172371,6 @@ CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function
 	NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
 CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during crea ...)
 	- php-horde-kronolith 4.2.24-1 (bug #909738)
-	[stretch] - php-horde-kronolith <no-dsa> (Minor issue)
 	[jessie] - php-horde-kronolith <not-affected> (vulnerable code not present)
 	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
 	NOTE: https://bugs.horde.org/ticket/14857


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Aug 2020] DLA-2350-1 php-horde-kronolith - security update
+	{CVE-2017-16908}
+	[stretch] - php-horde-kronolith 4.2.19-1+deb9u1
 [29 Aug 2020] DLA-2349-1 php-horde - security update
 	{CVE-2017-16907}
 	[stretch] - php-horde 5.2.13+debian0-1+deb9u3


=====================================
data/dla-needed.txt
=====================================
@@ -131,8 +131,6 @@ opendmarc
 --
 openexr (Adrian Bunk)
 --
-php-horde-kronolith (Mike Gabriel)
---
 php-horde-tream (Mike Gabriel)
 --
 puma



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92bcaa0a32a516cbaa871688da8862ef7839ddcd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92bcaa0a32a516cbaa871688da8862ef7839ddcd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200829/507982e5/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list