Your message dated Sat, 25 Apr 2020 15:17:25 +0000
with message-id <e1jsmyx-000ahh...@fasolo.debian.org>
and subject line Bug#951537: fixed in php-horde-data 2.1.4-3+deb9u1
has caused the Debian Bug report #951537,
regarding php-horde-data: CVE-2020-8518
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
951537: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951537
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php-horde-data
Version: 2.1.4-6
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 2.1.4-5
Control: found -1 2.1.4-3
Hi,

The following vulnerability was published for php-horde-data.

CVE-2020-8518[0]:
| Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary
| PHP code via CSV data, leading to remote code execution.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-8518
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8518
[1] https://lists.horde.org/archives/announce/2020/001285.html

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: php-horde-data
Source-Version: 2.1.4-3+deb9u1
Done: robe...@debian.org (Roberto C. Sanchez)
We believe that the bug you reported is fixed in the latest version of
php-horde-data, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 951...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roberto C. Sanchez <robe...@debian.org> (supplier of updated php-horde-data package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 10 Apr 2020 19:58:12 -0400
Source: php-horde-data
Binary: php-horde-data
Architecture: source
Version: 2.1.4-3+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Horde Maintainers <pkg-horde-hack...@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <robe...@debian.org>
Description:
 php-horde-data - ${phppear:summary}
Closes: 951537
Changes:
 php-horde-data (2.1.4-3+deb9u1) stretch; urgency=high
 .
   * Fix CVE-2020-8518:
     The Horde Application Framework contained a remote code execution
     vulnerability. An authenticated remote attacker could use this flaw to
     cause execution of uploaded CSV data. (Closes: #951537)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---