[pkg-horde] Bug#803641: php-horde: Multiple CSRF Vulnerabilities

Mathieu Parent math.parent at gmail.com
Mon Nov 2 07:11:54 UTC 2015


2015-11-02 7:52 GMT+01:00 Mathieu Parent <math.parent at gmail.com>:
> Control: severity -1 important
> Control: tag -1 + confirmed upstream security patch jessie fixed-upstream fixed
> Control: fixed -1 5.2.8+debian0-1
>
>
> 2015-11-01 12:37 GMT+01:00 Philip Frei <pjf at gmx.de>:
>> Package: php-horde
>> Version: 5.2.1+debian0-2+deb8u1
>> Severity: normal
>>
>> Dear Maintainer,
>>
>> there are multiple CSRF vulnerabilities in Horde that were recently
>> discovered[1].
>> The new version (5.2.8) in testing/unstable fixes this problem. But the
>> problem still exists for stable's version.
>> It would be nice to have a fixed version in stable too.
>
> This seems to be:
> https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae
>
> I will prepare an upload for next jessie point-release, unless you
> think it should go to the security mirrors sooner.

I have prepared the upload to jessie-security:
http://anonscm.debian.org/cgit/pkg-horde/PEAR/php-horde.git/commit/?h=debian/jessie&id=47c6d6e6ad0836d657eee75e36ef8dbd19c843d2

To the security team: Can/Should I upload it?

Note that the Horde team doesn't provide CVEs; I've asked for it at:
http://lists.horde.org/archives/dev/Week-of-Mon-20141201/028821.html

Regards
-- 
Mathieu


