Your message dated Thu, 05 Nov 2015 15:55:30 +0000
with message-id <e1zumss-0004kb...@franck.debian.org>
and subject line Bug#803641: fixed in php-horde 5.2.1+debian0-2+deb8u2
has caused the Debian Bug report #803641,
regarding php-horde: Multiple CSRF Vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
803641: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803641
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: php-horde
Version: 5.2.1+debian0-2+deb8u1
Severity: normal
Dear Maintainer,
there are multiple CSRF vulnerabilities in Horde that were recently
discovered[1].
The new version (5.2.8) in testing/unstable fixes this problem. But the
problem still exists for stable's version.
It would be nice to have a fixed version in stable too.
Thanks for your great work on the Horde packages!
[1] https://www.htbridge.com/advisory/HTB23272
--- End Message ---
--- Begin Message ---
Source: php-horde
Source-Version: 5.2.1+debian0-2+deb8u2
We believe that the bug you reported is fixed in the latest version of
php-horde, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 803...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mathieu Parent <sath...@debian.org> (supplier of updated php-horde package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 02 Nov 2015 08:02:11 +0100
Source: php-horde
Binary: php-horde
Architecture: source all
Version: 5.2.1+debian0-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Horde Maintainers <pkg-horde-hack...@lists.alioth.debian.org>
Changed-By: Mathieu Parent <sath...@debian.org>
Description:
php-horde - ${phppear:summary}
Closes: 803641
Changes:
php-horde (5.2.1+debian0-2+deb8u2) jessie-security; urgency=high
.
* Add session token checking to various admin pages (Closes: #803641)
--- End Message ---