[Secure-testing-team] Bug#865647: php-horde-ingo: XSS vulnerability in rule search
Philip Frei
debugs at systemausfall.org
Fri Jun 23 13:19:47 UTC 2017
Package: php-horde-ingo
Version: 3.2.13-1
Severity: normal
Tags: security
Dear maintainer,
thanks for your efforts to update all Horde packages for stretch.
There's one open security problem left. Fix can be found at
https://github.com/horde/horde/commit/6854284a647f360f358b4739e4df65a9cd814664
kind regards,
Philip
-- System Information:
Debian Release: 9.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages php-horde-ingo depends on:
ii php-common 1:49
pn php-horde <none>
pn php-horde-auth <none>
pn php-horde-autoloader <none>
pn php-horde-core <none>
pn php-horde-exception <none>
pn php-horde-form <none>
pn php-horde-group <none>
pn php-horde-imap-client <none>
pn php-horde-mime <none>
pn php-horde-perms <none>
pn php-horde-share <none>
pn php-horde-util <none>
pn php-horde-view <none>
ii php7.0-cli [php-cli] 7.0.19-1
Versions of packages php-horde-ingo recommends:
pn php-horde-vfs <none>
pn php-net-sieve <none>
pn php-net-socket <none>
php-horde-ingo suggests no packages.
More information about the Secure-testing-team
mailing list