Debian Bug report logs -
#730110
php-horde: CVE-2013-6364 CVE-2013-6365
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 21 Nov 2013 14:39:01 UTC
Severity: grave
Tags: security
Fixed in version php-horde/5.1.5+debian0-1
Done: Mathieu Parent <sathieu@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>:
Bug#730110; Package php-horde.
(Thu, 21 Nov 2013 14:39:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>.
(Thu, 21 Nov 2013 14:39:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: php-horde
Severity: grave
Tags: security
Justification: user security hole
CVE-2013-6364:
http://www.securityfocus.com/archive/1/529589
http://bugs.horde.org/ticket/12803
CVE-2013-6365:
http://www.securityfocus.com/archive/1/529590
http://bugs.horde.org/ticket/12804
Horde is not in stable, can you please check whether oldstable is affected?
Cheers,
Moritz
Bug 730110 cloned as bugs 730979, 730980
Request was from Mathieu Parent <math.parent@gmail.com>
to control@bugs.debian.org.
(Sat, 30 Nov 2013 18:03:10 GMT) (full text, mbox, link).
Reply sent
to Mathieu Parent <sathieu@debian.org>:
You have taken responsibility.
(Sat, 30 Nov 2013 19:06:24 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Sat, 30 Nov 2013 19:06:24 GMT) (full text, mbox, link).
Message #12 received at 730110-close@bugs.debian.org (full text, mbox, reply):
Source: php-horde
Source-Version: 5.1.5+debian0-1
We believe that the bug you reported is fixed in the latest version of
php-horde, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 730110@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mathieu Parent <sathieu@debian.org> (supplier of updated php-horde package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 30 Nov 2013 19:51:45 +0100
Source: php-horde
Binary: php-horde
Architecture: source all
Version: 5.1.5+debian0-1
Distribution: unstable
Urgency: low
Maintainer: Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>
Changed-By: Mathieu Parent <sathieu@debian.org>
Description:
php-horde - ${phppear:summary}
Closes: 722960 726187 730110
Changes:
php-horde (5.1.5+debian0-1) unstable; urgency=low
.
* New upstream version 5.1.5+debian0
- Fixes the grep path (Closes: #722960)
- CVE-2013-6365 (Closes: #730110)
* Remove ".php" extension from two files in $PATH
* Fix php path in those two same files
* Rename old README.Debian to NEWS which is more correct
* Add a quick start guide in README.Debian
* Provide a horde-writable-config to ease initial configuration
(Closes: #726187)
* Add ActiveSync URLs
Checksums-Sha1:
37f32fd0f95cb52c7a7598470998972de2de531a 1389 php-horde_5.1.5+debian0-1.dsc
196d2c2009f6db12a6ab632705dc464029a484cb 2897282 php-horde_5.1.5+debian0.orig.tar.gz
60091ecb4d7fea452b46ab179eb818b23c5c3c78 12505 php-horde_5.1.5+debian0-1.debian.tar.gz
2694424566078a504b8dcd8608c85727eb5b82bd 2988526 php-horde_5.1.5+debian0-1_all.deb
Checksums-Sha256:
32b6e4ffd77e4ec911182bc4e6a8d76a3130305201b47da8a81f3b45fc0b7914 1389 php-horde_5.1.5+debian0-1.dsc
32cb0b3a23c890c46da56d53b2318aad4cde5eed3da787da38e82474956ad9a2 2897282 php-horde_5.1.5+debian0.orig.tar.gz
c419ad3fb5aa9e9a474f13d95c6610ff7516e06d980219d165b31c251e5f3cb0 12505 php-horde_5.1.5+debian0-1.debian.tar.gz
53de58da92540587db5fa49d65fbbe87def605be5d75e12672a7a4917d2ed41a 2988526 php-horde_5.1.5+debian0-1_all.deb
Files:
c5a9429693a43158ee54a9b73fd948bc 1389 php extra php-horde_5.1.5+debian0-1.dsc
f33aa812a2b447b580169a284d0bbfe1 2897282 php extra php-horde_5.1.5+debian0.orig.tar.gz
cd594a2228ab18e66db781d51a50076c 12505 php extra php-horde_5.1.5+debian0-1.debian.tar.gz
8247fbf1f816c5d698a3b8b85104da08 2988526 php extra php-horde_5.1.5+debian0-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iEYEARECAAYFAlKaNJwACgkQOW2jYf5fHX9DVQCfao1XWRGUaNmBrz6y8foSN0Wg
UgsAoJhXv5mPn+SKmyrS3FpV5+0ibNzv
=pD4L
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 04 Jan 2014 07:25:23 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:40:11 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon