[Git][security-tracker-team/security-tracker][master] CVE-2022-30287/php-horde-turby Note that upstream has an issue and

Tobias Frost (@tobi) tobi at debian.org
Fri Oct 18 16:41:50 BST 2024



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4afaa516 by Tobias Frost at 2024-10-18T17:41:37+02:00
CVE-2022-30287/php-horde-turby Note that upstream has an issue and
needs an additional patch

See the comment in
https://github.com/horde/turba/commit/0d1e74802dd2ff8758c5b1dd5323a0101d49897d#r75492719
Mentioned change for 4.2.27 is: https://github.com/horde/turba/commit/006affc530966704937c55611fadb1669026b9f6

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -196817,6 +196817,7 @@ CVE-2022-30287 (Horde Groupware Webmail Edition through 5.2.22 allows a reflecti
 	NOTE: https://lists.horde.org/archives/horde/Week-of-Mon-20220530/059225.html
 	NOTE: Possible alternative patch: https://github.com/horde/turba/pull/7
 	NOTE: Fixed by: https://github.com/horde/turba/commit/0d1e74802dd2ff8758c5b1dd5323a0101d49897d (v4.2.26)
+	NOTE: regression in above patch, needs https://github.com/horde/turba/commit/006affc530966704937c55611fadb1669026b9f6
 	NOTE: Fixed by: https://github.com/horde/turba/commit/3bccab322af4ae96d5925f0ce9f9af0978af924b (v4.2.26)
 CVE-2022-30286 (pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04  ...)
 	NOT-FOR-US: pyscriptjs



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4afaa516a231813838ec8e5d6eb0f65b97172306

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4afaa516a231813838ec8e5d6eb0f65b97172306
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241018/8bab907a/attachment.htm>


More information about the debian-security-tracker-commits mailing list