1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4468-1] php-horde-form security update

    From Salvatore Bonaccorso@1:229/2 to All on Fri Jun 21 10:30:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4468-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    June 21, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php-horde-form
    CVE ID : CVE-2019-9858
    Debian Bug : 930321

    A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering,
    validation, and other functionality for the Horde Application Framework.
    An attacker can take advantage of this flaw for remote code execution.

    For the stable distribution (stretch), this problem has been fixed in
    version 2.0.15-1+deb9u1.

    We recommend that you upgrade your php-horde-form packages.

    For the detailed security status of php-horde-form please refer to its
    security tracker page at: https://security-tracker.debian.org/tracker/php-horde-form

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0MkOFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SW5A/9E7S6A7CA8KgwvxXf6rUrtrFfl1x8JW/yb/IIvIPRBCT23+5tSKeTbj5U +i4530dWMi7EK9WWH15gwySKIRs+8MtVU+HfbFcUjZbRr7S/UoTw93iu1rca8q1S FDTHNIy96XkKJFUIb488PRnkjNTKn7zXGY37qLqfsi4aAIbE7uGa8dMGxoiWcuv9 rAZhZwv7Ie3lhWRTun8OZCeYXx8AnkrQX+5FzPpDTfGjJyAwUZca78cTUYCMhEgS 2kOOJzx9U2QJcNKv+kEPojfImZkve/a8zMObSr7ouklpUsTayQNpliovMK3WYaLc QjyAbTLoxi2/MmtvhjdGpwj6Gpagg01KuNhXRaVGeq9e/HFeUlUW53G+Zh6gCh7K CMsU8bAETc+7uIm14Mwfdlv1/LVF1kl2a4OzfObj0ohIXIkwUbKfgO3GWcJFka2l OcEFu+GzgOt/AtPCoV8JCfvjPvJwDRqhTMgQxsMhQ/HayG/wZtkFE5sl93wbloPQ sqnv2eAvLmbK5p//PB3tkaO2py9XrofBF5o/BAfZexMgTO++PtnYUdQPAlTz8yn+ zZegX8TZTwlzodIISCaNOY+Dd6fnzZpo1Gq6JNOBxq6q1TR2YqvCLlkzjnfysOk6 aoIoAv2xyHepww5lg0igntzZszS8d341qpTxq8gLL80zPuuQW/k=
    =3DIh
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)