[Git][security-tracker-team/security-tracker][master] CVE-2025-30349: doesn't affect php-horde, only php-horde-imp

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Thu Apr 3 09:39:24 BST 2025



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3c90ce8 by Sylvain Beucler at 2025-04-03T10:39:17+02:00
CVE-2025-30349: doesn't affect php-horde, only php-horde-imp

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4894,13 +4894,12 @@ CVE-2024-13737 (The Motors \u2013 Car Dealer, Classifieds & Listing plugin for W
 CVE-2025-26796 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input Durin ...)
 	NOT-FOR-US: Apache Oozie
 CVE-2025-30349 (Horde IMP through 6.2.27, as used with Horde Application Framework thr ...)
-	- php-horde <unfixed>
-	[bookworm] - php-horde <ignored> (Horde in Bookworm is broken due to PHP 8 issues and will be removed in the next point release)
 	- php-horde-imp <unfixed>
 	[bookworm] - php-horde-imp <ignored> (Horde in Bookworm is broken due to PHP 8 issues and will be removed in the next point release)
 	NOTE: https://web.archive.org/web/20250321152616/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html
 	NOTE: https://web.archive.org/web/20250321162434/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html
 	NOTE: https://github.com/horde/imp/pull/15/
+	NOTE: https://github.com/horde/imp/commit/8a89d755e0356e7785e555d85c881fd4774e973e (FRAMEWORK_5_2)
 CVE-2025-30179 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2025-30168 (Parse Server is an open source backend that can be deployed to any inf ...)
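
Review bot: The two removed php-horde lines under CVE-2025-30349 leave no record of why the package was dropped, while the truncated CVE description kept above still says "as used with Horde Application Framework". A short NOTE line stating that the affected code is only in php-horde-imp (the reason given in the commit subject) would keep php-horde from being re-added at a later triage. The added commit NOTE names only the FRAMEWORK_5_2 branch; if the fix also exists on another upstream branch, referencing it in the same place would help whoever backports.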


=====================================
data/dla-needed.txt
=====================================
@@ -206,7 +206,7 @@ pagure
 pgagent
   NOTE: 20250117: Added by Front-Desk (rouca)
 --
-php-horde (Sylvain Beucler)
+php-horde-imp (Sylvain Beucler)
   NOTE: 20250330: Added by Front-Desk (apo)
   NOTE: 20250330: Needs more investigation. Project looks stale. Warrants a
   NOTE: 20250330: warning to disable HTML emails at least. (apo)
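
Review bot: Renaming the entry in place at "+php-horde-imp (Sylvain Beucler)" keeps the 20250330 "Added by Front-Desk (apo)" and "Needs more investigation" notes, which were written for php-horde, so the file now reads as if php-horde-imp was the package added on that date. A dated NOTE recording that the entry was renamed from php-horde would keep the history readable without going back to the commit log.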
@@ -214,10 +214,7 @@ php-horde (Sylvain Beucler)
   NOTE: 20250331: Adding buster as it's also supported.
   NOTE: 20250331: This is probably for php-horde-imp or php-horde-[lib], TBC (Beuc)
   NOTE: 20250331: PR against horde-imp now referenced in the security-tracker. (Beuc)
---
-php-horde-imp
-  NOTE: 20250331: Added by Front-Desk (Beuc)
-  NOTE: 20250331: Cf. php-horde entry (Beuc)
+  NOTE: 20250403: Patch against php-horde-imp merged upstream. (Beuc)
 --
 php-laravel-framework
   NOTE: 20250307: Added by Front-Desk (rouca)
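
Review bot: The kept context line "NOTE: 20250331: This is probably for php-horde-imp or php-horde-[lib], TBC (Beuc)" stays open-ended under the renamed entry, and the added 20250403 note says only that the patch was merged upstream. Consider having the new note close the TBC explicitly, for example by stating that php-horde itself is not affected, so the merged entry does not look as if the package attribution is still undecided.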



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3c90ce88afb5f6c82177b6a692cf5298e06db96
