Bug#803641: [pkg-horde] Bug#803641: Aw: Re: Bug#803641: php-horde: Multiple CSRF Vulnerabilities

2015-11-04 Thread Philip Frei
On Tue, 3 Nov 2015 21:24:33 +0100 Mathieu Parent wrote: > I have tested and uploaded the fix to > security-master-unembargoed, in coordination with the security team. > If I understand correctly, it will go to the security mirrors soon. It's already there. So this bug report can be closed. Aga

Bug#803641: [pkg-horde] Bug#803641: Aw: Re: Bug#803641: php-horde: Multiple CSRF Vulnerabilities

2015-11-03 Thread Mathieu Parent
2015-11-02 14:27 GMT+01:00 Philip Frei : >> This seems to be: >> https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae > >> I will prepare an upload for next jessie point-release, unless you >> think it should go to the security mirrors sooner. > > Thanks a lot! > > I think

Bug#803641: [pkg-horde] Bug#803641: Bug#803641: php-horde: Multiple CSRF Vulnerabilities

2015-11-02 Thread Philip Frei
On Mon, 2 Nov 2015 08:11:54 +0100 Mathieu Parent wrote: > Note that the Horde team doesn't provide CVEs, I've asked for it at: > http://lists.horde.org/archives/dev/Week-of-Mon-20141201/028821.html This[1] is how the Horde team handles security bugs in the changelog: "For security issues, we do

Bug#803641: Aw: Re: [pkg-horde] Bug#803641: php-horde: Multiple CSRF Vulnerabilities

2015-11-02 Thread Philip Frei
> This seems to be: > https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae > I will prepare an upload for next jessie point-release, unless you > think it should go to the security mirrors sooner. Thanks a lot! I think Horde's command shells are hardly used (I, for one d

Bug#803641: [pkg-horde] Bug#803641: php-horde: Multiple CSRF Vulnerabilities

2015-11-01 Thread Mathieu Parent
Control: severity -1 important Control: tag -1 + confirmed upstream security patch jessie fixed-upstream fixed Control: fixed -1 5.2.8+debian0-1 2015-11-01 12:37 GMT+01:00 Philip Frei : > Package: php-horde > Version: 5.2.1+debian0-2+deb8u1 > Severity: normal > > Dear Maintainer, > > there are so

Bug#803641: [pkg-horde] Bug#803641: Bug#803641: php-horde: Multiple CSRF Vulnerabilities

2015-11-01 Thread Mathieu Parent
2015-11-02 7:52 GMT+01:00 Mathieu Parent : > Control: severity -1 important > Control: tag -1 + confirmed upstream security patch jessie fixed-upstream > fixed > Control: fixed -1 5.2.8+debian0-1 > > > 2015-11-01 12:37 GMT+01:00 Philip Frei : >> Package: php-horde >> Version: 5.2.1+debian0-2+deb8u

Bug#803641: php-horde: Multiple CSRF Vulnerabilities

2015-11-01 Thread Philip Frei
Package: php-horde Version: 5.2.1+debian0-2+deb8u1 Severity: normal Dear Maintainer, there are some multiple CSRF vulnerabilities in Horde that were recently discovered[1]. The new version (5.2.8) in testing/unstable fixes this problem. But the problem still exists for stable's version. I would b