Your message dated Sat, 25 Apr 2020 15:02:13 +0000
with message-id <e1jsmjp-0007xv...@fasolo.debian.org>
and subject line Bug#951537: fixed in php-horde-data 2.1.4-5+deb10u1
has caused the Debian Bug report #951537,
regarding php-horde-data: CVE-2020-8518
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
951537: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951537
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php-horde-data
Version: 2.1.4-6
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 2.1.4-5
Control: found -1 2.1.4-3

Hi,

The following vulnerability was published for php-horde-data.

CVE-2020-8518[0]:
| Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary
| PHP code via CSV data, leading to remote code execution.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-8518
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8518
[1] https://lists.horde.org/archives/announce/2020/001285.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: php-horde-data
Source-Version: 2.1.4-5+deb10u1
Done: robe...@debian.org (Roberto C. Sanchez)

We believe that the bug you reported is fixed in the latest version of
php-horde-data, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 951...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roberto C. Sanchez <robe...@debian.org> (supplier of updated php-horde-data package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 10 Apr 2020 19:57:00 -0400
Source: php-horde-data
Architecture: source
Version: 2.1.4-5+deb10u1
Distribution: buster
Urgency: high
Maintainer: Horde Maintainers <team+debian-horde-t...@tracker.debian.org>
Changed-By: Roberto C. Sanchez <robe...@debian.org>
Closes: 951537
Changes:
 php-horde-data (2.1.4-5+deb10u1) buster; urgency=high
 .
   * Fix CVE-2020-8518:
     The Horde Application Framework contained a remote code execution
     vulnerability. An authenticated remote attacker could use this flaw to
     cause execution of uploaded CSV data. (Closes: #951537)


--- End Message ---
