Bug#1012279: marked as done (php-horde-turba: CVE-2022-30287)

Mon, 06 Jun 2022 00:22:52 -0700 

Your message dated Mon, 6 Jun 2022 09:16:53 +0200
with message-id <yp2p5zeem8xmo...@eldamar.lan>
and subject line Re: Bug#1012279: php-horde-turba: CVE-2022-30287
has caused the Debian Bug report #1012279,
regarding php-horde-turba: CVE-2022-30287
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1012279: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012279
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: php-horde-turba
Version: 4.2.25-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for php-horde-turba,
CVE-2022-30287[0].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-30287
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30287
[1] https://blog.sonarsource.com/horde-webmail-rce-via-email/
[2] https://lists.horde.org/archives/horde/Week-of-Mon-20220530/059225.html
[3] https://github.com/horde/turba/pull/7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: php-horde-turba
Source-Version: 4.2.25-6

On Mon, Jun 06, 2022 at 05:50:33AM +0200, Juri Grabowski wrote:
> Hello together,
> 
> On 2022-06-05 14:35 7, Salvatore Bonaccorso wrote:
> > it looks that the force pushed commit two days ago adjusted two
> > further create() -> createTrusted() stances in lib/Application.php,
> > can you double check?
> functions backup and _restoreContact are only available on turba/master
> for future release.

Thanks for checking. In this case let's close this bug with the
4.2.25-6 version.

Regards,
Salvatore

--- End Message ---

Reply via email to