[Git][security-tracker-team/security-tracker][master] CVE-2022-26874/php-horde-mime-viewer - Add addtional patch

[Tobias Frost (@tobi)]

Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d30cd849 by Tobias Frost at 2024-10-19T17:37:48+02:00
CVE-2022-26874/php-horde-mime-viewer - Add addtional patch

https://github.com/horde/Mime_Viewer/commit/86f4f265adc45c39f891dea4ba5f22fb2a338618 fixed only one code path,
https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5 is additionally required.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -210325,6 +210325,7 @@ CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4
 	- php-horde-mime-viewer 2.2.4+debian0-1
 	NOTE: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
 	NOTE: Introduced by: https://github.com/horde/Mime_Viewer/commit/325a7ae2663dd9c50e85fe515033454669f16f28
+	NOTE: Fixed by: https://github.com/horde/Mime_Viewer/commit/86f4f265adc45c39f891dea4ba5f22fb2a338618 (2.2.3, partially fixed only.)
 	NOTE: Fixed by: https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5 (2.2.4)
 CVE-2022-25762 (If a web application sends a WebSocket message concurrently with the W ...)
 	- tomcat9 9.0.22-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d30cd8497e2665fb65f6058e253d1d8f182947ac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d30cd8497e2665fb65f6058e253d1d8f182947ac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241019/a0cef7cf/attachment.htm>