[Git][security-tracker-team/security-tracker][master] CVE-2022-30287/php-horde-turby Note that upstream has an issue and
Tobias Frost (@tobi)
tobi at debian.org
Fri Oct 18 16:41:50 BST 2024
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4afaa516 by Tobias Frost at 2024-10-18T17:41:37+02:00
CVE-2022-30287/php-horde-turby Note that upstream has an issue and
needs an additional patch
See the comment in
https://github.com/horde/turba/commit/0d1e74802dd2ff8758c5b1dd5323a0101d49897d#r75492719
Mentioned change for 4.2.27 is: https://github.com/horde/turba/commit/006affc530966704937c55611fadb1669026b9f6
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -196817,6 +196817,7 @@ CVE-2022-30287 (Horde Groupware Webmail Edition through 5.2.22 allows a reflecti
NOTE: https://lists.horde.org/archives/horde/Week-of-Mon-20220530/059225.html
NOTE: Possible alternative patch: https://github.com/horde/turba/pull/7
NOTE: Fixed by: https://github.com/horde/turba/commit/0d1e74802dd2ff8758c5b1dd5323a0101d49897d (v4.2.26)
+ NOTE: regression in above patch, needs https://github.com/horde/turba/commit/006affc530966704937c55611fadb1669026b9f6
NOTE: Fixed by: https://github.com/horde/turba/commit/3bccab322af4ae96d5925f0ce9f9af0978af924b (v4.2.26)
CVE-2022-30286 (pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 ...)
NOT-FOR-US: pyscriptjs
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4afaa516a231813838ec8e5d6eb0f65b97172306
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4afaa516a231813838ec8e5d6eb0f65b97172306
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241018/8bab907a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list