Your message dated Sun, 07 Oct 2018 21:20:05 +0000 with message-id <e1g9gt7-000i7g...@fasolo.debian.org> and subject line Bug#909739: fixed in php-horde 5.2.18+debian0-1 has caused the Debian Bug report #909739, regarding php-horde: CVE-2017-16907 XSS via Color field to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 909739: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909739 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: php-horde X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for php-horde. CVE-2017-16907[0]: | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field | in a Create Task List action. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-16907 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16907 Please adjust the affected versions in the BTS as needed. Regards, Markus
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Source: php-horde Source-Version: 5.2.18+debian0-1 We believe that the bug you reported is fixed in the latest version of php-horde, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 909...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Parent <sath...@debian.org> (supplier of updated php-horde package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 07 Oct 2018 22:55:19 +0200 Source: php-horde Binary: php-horde Architecture: source all Version: 5.2.18+debian0-1 Distribution: unstable Urgency: medium Maintainer: Horde Maintainers <team+debian-horde-t...@tracker.debian.org> Changed-By: Mathieu Parent <sath...@debian.org> Description: php-horde - Closes: 909739 Changes: php-horde (5.2.18+debian0-1) unstable; urgency=medium . * New upstream version 5.2.18+debian0 - Update patch * Fix CVE-2017-16907 XSS via Color field (Closes: #909739) Checksums-Sha1: d7d2de152544a7f4e9b76c99ee5b1e2b1e145250 2041 php-horde_5.2.18+debian0-1.dsc 18784a0ef9064c2d78e44abf533c49a075307e51 3007484 php-horde_5.2.18+debian0.orig.tar.gz 528469d6fefe20e74fa873d273739c75b1e95c49 8560 php-horde_5.2.18+debian0-1.debian.tar.xz 3b51cba2eb63d2882b56264791145ba018d73417 1876896 php-horde_5.2.18+debian0-1_all.deb 14150071c97d114cab325e410111525567bb175f 6208 php-horde_5.2.18+debian0-1_amd64.buildinfo Checksums-Sha256: 16aa8c209bb26c2d995ce187597870df0a30a79a42bc44828927fa5ed78a9820 2041 php-horde_5.2.18+debian0-1.dsc 5e0c3d5d22bf658a8ca546de0d96dca58bd17388240752133605a35869df0e51 3007484 php-horde_5.2.18+debian0.orig.tar.gz 7f910e170fca47f3c7eba50ee26f2c1a26a6e66a8d364ed294a5f53c3820acd1 8560 php-horde_5.2.18+debian0-1.debian.tar.xz 39b12231d0842b82df8b00b58b4cf941bdfd78fc4b37ae01d7bfacd7a3e1ab56 1876896 php-horde_5.2.18+debian0-1_all.deb 213678052fc81dca073aa12cdd05d27eb5b1ac0dac7e91997718c2fc84e97506 6208 php-horde_5.2.18+debian0-1_amd64.buildinfo Files: d6f189cbf5d655239eaa51afd2b8917c 2041 php optional php-horde_5.2.18+debian0-1.dsc 2b069d4023c41319a2cd87232728ab53 3007484 php optional php-horde_5.2.18+debian0.orig.tar.gz a825bef5b2ad040306871801e8510723 8560 php optional php-horde_5.2.18+debian0-1.debian.tar.xz 97abb5683f9e9d3fea8300a85695f3a0 1876896 php optional php-horde_5.2.18+debian0-1_all.deb 7791f73715abf715f0ea26a4ad550ae3 6208 php optional php-horde_5.2.18+debian0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJHBAEBCAAxFiEEqIGbPTP9weQZ135HrgOYBGZoH6UFAlu6dUcTHHNhdGhpZXVA ZGViaWFuLm9yZwAKCRCuA5gEZmgfpWTED/9yBaj23RWuDqUTkiF4/Stt14oGtJsh Wh4Ciwkde3kbslAuqwmDOBTi+8RQuUqt30qj/6bNZFF5PtxP78Y5L38w12HhaMzJ nbHJ0H8E7mZVdXP8UXYan7cSj5PElewC5HoGcyHqgVbTy5g8KJKC0RYofxDDjNHY 90gjxoAwnqLNwW65b05p/FGqgzQyBpPG//hB+tpFGkGoet5ieALGKSdL6FNZUGoG r6UKLuKVNX+IFWaUe2nEAIDx91dHA9TLgYB2rzbP2agJNplriR9wbtWAj8JSF1AC yVq6Giv/DtkUvx/cmBup3xeJOWIbZ1fStn48k5YNrHwPtSQ5KrsDgtRchUcUqjYe vuoAmtAg1OrN9LMg0zS+CHpps/3cV3m1Z386A4r2NCPUnAcY4XKPkHbHg2BQzaHe +bz7i8mthWmBA7irIRPupgkrPeZVZNs+Vr3AzRSfvQP83hxdANexN/5xVJ3dMtL0 nuKH8tSh/Bf6g5lPdaml5xyan1SIxG22yuAsegYLW6hnm0gg2MhQeyiSnrRaEPFu te4yYYaVUF/AmRNwyTQG5pIKog8MaLqBsF16mfENdvf/sCP/7aRVa8FWCTyHH67X 34vokYHp9F97eOE8YjIh+SThDKphgaZFe7RotfJDJTs5udX9gCnl7odxMr2c0oWR 7GdZCLQ38l9stw== =20LD -----END PGP SIGNATURE-----
--- End Message ---
