Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-9773 CVE-2017-9774 CVE-2017-14650

Source

Debian Bug report logs - #865504
php-horde-image: CVE-2017-9773: DoS via crafted URL to the Null image driver

Package: src:php-horde-image; Maintainer for src:php-horde-image is Horde Maintainers <team+debian-horde-team@tracker.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 22 Jun 2017 05:45:02 UTC

Severity: important

Tags: security, upstream

Found in version php-horde-image/2.3.6-1

Fixed in versions php-horde-image/2.5.1-1, php-horde-image/2.3.6-1+deb9u1

Done: Chris Lamb <lamby@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>:
Bug#865504; Package src:php-horde-image. (Thu, 22 Jun 2017 05:45:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>. (Thu, 22 Jun 2017 05:45:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: php-horde-image
Version: 2.3.6-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for php-horde-image.

CVE-2017-9773[0]:
| Denial of Service was found in Horde_Image 2.x before 2.5.0 via a
| crafted URL to the "Null" image driver.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9773
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9773

Regards,
Salvatore

Reply sent to Mathieu Parent <sathieu@debian.org>:
You have taken responsibility. (Sat, 01 Jul 2017 21:27:04 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 01 Jul 2017 21:27:04 GMT) (full text, mbox, link).

Message #10 received at 865504-close@bugs.debian.org (full text, mbox, reply):

Source: php-horde-image
Source-Version: 2.5.1-1

We believe that the bug you reported is fixed in the latest version of
php-horde-image, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865504@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathieu Parent <sathieu@debian.org> (supplier of updated php-horde-image package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 01 Jul 2017 21:37:17 +0200
Source: php-horde-image
Binary: php-horde-image
Architecture: source all
Version: 2.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>
Changed-By: Mathieu Parent <sathieu@debian.org>
Description:
 php-horde-image - ${phppear:summary}
Closes: 865504 865505
Changes:
 php-horde-image (2.5.1-1) unstable; urgency=medium
 .
   * New upstream version 2.5.1
     - CVE-2017-9774: RCE via crafted GET request for authenticated users
       (Closes: #865505)
     - CVE-2017-9773: DoS via crafted URL to the Null image driver (Closes:
       #865504)
Checksums-Sha1:
 d6b45b4f1ee5dfa739333164216fdf45580b3f73 2113 php-horde-image_2.5.1-1.dsc
 f0796e661e0f9e2f4365644fddb5d1493c052e72 778405 php-horde-image_2.5.1.orig.tar.gz
 b826e4e788bed48f05ea3e4538e9977ebc313c92 3096 php-horde-image_2.5.1-1.debian.tar.xz
 225496bbb35c72d82b373f860d2cf2d7049ecd26 170730 php-horde-image_2.5.1-1_all.deb
 26d703074fc2ee237ec90d2f270e2d0b4010487b 6247 php-horde-image_2.5.1-1_amd64.buildinfo
Checksums-Sha256:
 a7a68e5b184fec2cb12aeba7db481c49a70b5e753df33badb9843ab15f309712 2113 php-horde-image_2.5.1-1.dsc
 222bd6461a8ee40da9ab22e9c4b831ac1302d6466cdb9114f3eea0a4ab33d790 778405 php-horde-image_2.5.1.orig.tar.gz
 f157a5a25b6549aeefaaa0985a1731157ede3f5c0202da76b1f2f478ca6d3311 3096 php-horde-image_2.5.1-1.debian.tar.xz
 046323a8031815fdfb8edf799b9519cac760731a1cc7ad5fb5c6aa15e02fd1e3 170730 php-horde-image_2.5.1-1_all.deb
 7eedcf539a8a7c8267616c8c95bb6ce1f1cdae910a3ed28b40b3091233f07dc1 6247 php-horde-image_2.5.1-1_amd64.buildinfo
Files:
 9477672aeabb84b4933868d7dce41e19 2113 php extra php-horde-image_2.5.1-1.dsc
 0385b6ff91eea9473100271778f5d5c0 778405 php extra php-horde-image_2.5.1.orig.tar.gz
 25532c84a4580e11a3f5d5f5160a814b 3096 php extra php-horde-image_2.5.1-1.debian.tar.xz
 c7cde9d30303e43bfdb6562a7776ff24 170730 php extra php-horde-image_2.5.1-1_all.deb
 0cc658e04bb6ee10d01ef8727fe66a39 6247 php extra php-horde-image_2.5.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEEqIGbPTP9weQZ135HrgOYBGZoH6UFAllX+sgTHHNhdGhpZXVA
ZGViaWFuLm9yZwAKCRCuA5gEZmgfpY/UD/oCeJh+g3g4Pm+ubkM3mIp7PoeS7BPP
cQrj4wNmU3P4ffUy0S90dnFXtB8YEGCTc2649+sMooT0bwEDoZewgQEUEt/4tPvl
KqRpNTy8bEc0S9yu77EU2wWTqg7A+wGu5eMlOMJSAb0Xqx4rF1NylLusfgQNyLEe
RShCA2KWaNmkdHUxAsn6qilqi3/17lH8Qye3vMaFywSy7Naxbs4gxOCV3EnxRaiZ
ahys3b7Iy4Jh+K/WH6F+d+B5l+E69kVoOe0BexSdTnwrEK+VccbUqEFuZNW/XCfp
VGHbrKcE5+p6zvSuupQA13IJ1JmV/tcPyU4NRedneI01gT0Ti/KvDRhzV6R340l/
RuI4budURIrvLXBTDnqhZXY3afVpgs2J5R3wIYsUipgdPs5dxwWu75m4dvl2+zWP
ROh4zQ3oRQ0/xPOy/2A8OPVd2lC/c4hGgekGhANebMPcP8k9kma+zIWnrAp5cLGK
9uhjnyvK/NVncMWifyPji7cPPpqZdkKyNnRS+6D/k27tVVExVbxeS59YylOPIHvd
gnM/0yMqvJ6JJRLvpXLL3arg+GjwynL6vp8b7xfNI3fUHjpHGTGJLiLXbTlATCqL
x4Lh0LQfZJuuwU18eUEFDoAgn8bbqc+Dd+6EJZ+kiMcCZD9SDVCbi5F3yKPi/FYh
TUuBlQw8uW2Wmw==
=7AKx
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 04 Aug 2017 07:24:46 GMT) (full text, mbox, link).

Bug unarchived. Request was from Chris Lamb <lamby@debian.org> to control@bugs.debian.org. (Sat, 23 Jun 2018 10:39:06 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 22 Jul 2018 07:25:08 GMT) (full text, mbox, link).

Bug unarchived. Request was from Chris Lamb <lamby@debian.org> to control@bugs.debian.org. (Thu, 16 Aug 2018 15:15:13 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>:
Bug#865504; Package src:php-horde-image. (Thu, 16 Aug 2018 15:24:02 GMT) (full text, mbox, link).

Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>. (Thu, 16 Aug 2018 15:24:02 GMT) (full text, mbox, link).

Message #23 received at 865504@bugs.debian.org (full text, mbox, reply):

Dear Sébastien,

> > I've prepared an upload to fix the following:
> > 
> >  php-horde-image (2.3.6-1+deb9u1) stretch-security; urgency=high
> >   
> >   * CVE-2017-9773: [...]
> >   * CVE-2017-9774: [...]
> >   * CVE-2017-14650: [...]
[…]
> it looks OK to me, please upload to security-master.

Uploaded to security-master.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Reply sent to Chris Lamb <lamby@debian.org>:
You have taken responsibility. (Fri, 17 Aug 2018 17:09:07 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 17 Aug 2018 17:09:07 GMT) (full text, mbox, link).

Message #28 received at 865504-close@bugs.debian.org (full text, mbox, reply):

Source: php-horde-image
Source-Version: 2.3.6-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
php-horde-image, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865504@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <lamby@debian.org> (supplier of updated php-horde-image package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 23 Jun 2018 11:09:57 +0100
Source: php-horde-image
Binary: php-horde-image
Architecture: source all
Version: 2.3.6-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 php-horde-image - ${phppear:summary}
Closes: 865504 865505 876400
Changes:
 php-horde-image (2.3.6-1+deb9u1) stretch-security; urgency=high
 .
   * CVE-2017-9773: Prevent a denial of service attack by ensuring an infinite
     loop cannot be triggered by a malicious request. (Closes: #865504)
   * CVE-2017-9774: Prevent a remote code execution vulnerability (RCE) that was
     exploitable by a logged-in user sending a maliciously crafted HTTP GET
     request to the image backends. Note that the fix applied upstream has a
     regression in that it ignores the "force aspect ratio" option; see
     <https://github.com/horde/Image/pull/1>. This has been remedied in this
     fix. (Closes: #865505)
   * CVE-2017-14650: Prevent another RCE that was exploitable by a logged-in
     user sending a maliciously crafted GET request specifically to the "im"
     image backend. (Closes: #876400)
Checksums-Sha1:
 47d78aaa68d3afd9fc0deb5c4c12419d1eeec577 2112 php-horde-image_2.3.6-1+deb9u1.dsc
 3c2e1237dc532c1e40cf46d7bc59cd75d5794a3f 769650 php-horde-image_2.3.6.orig.tar.gz
 7f35c6186f0e8c24c87374427c06cd9a74c56631 4816 php-horde-image_2.3.6-1+deb9u1.debian.tar.xz
 967e0e206efe2b61cea3064fd29306405567fa26 165020 php-horde-image_2.3.6-1+deb9u1_all.deb
 95df2167f336e96b8218cb2f132ab205d9044116 6343 php-horde-image_2.3.6-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
 fedd93b4e0580e98abc1fa9343d06c8dc29c7a8b93e8478b17424b3d9047196b 2112 php-horde-image_2.3.6-1+deb9u1.dsc
 d5c8953df1a7d4bef9fa65e33f4e6945c554eaa261a4233fab08593de5f82b60 769650 php-horde-image_2.3.6.orig.tar.gz
 a5eba44a63a43b178a1df042e9e6e27fa5d0ddbfbd7599a4adae1ddeaf40ce57 4816 php-horde-image_2.3.6-1+deb9u1.debian.tar.xz
 da869c96cd620231c697a9b02584efea9f01a37d134fc8e2309978a1b8fc256d 165020 php-horde-image_2.3.6-1+deb9u1_all.deb
 07c7575bc25b2779acfb624828bc59081a88dbd011bf49f555e6797600343c30 6343 php-horde-image_2.3.6-1+deb9u1_amd64.buildinfo
Files:
 38e2ebfcc1c58e581c31a81e6a5dcb17 2112 php extra php-horde-image_2.3.6-1+deb9u1.dsc
 3314aa612d97ee9c92ec47652601bba0 769650 php extra php-horde-image_2.3.6.orig.tar.gz
 ab94d6f57be315863bd3a9ee8944e290 4816 php extra php-horde-image_2.3.6-1+deb9u1.debian.tar.xz
 ac03f6dd0d26d05d93c12831bf95aece 165020 php extra php-horde-image_2.3.6-1+deb9u1_all.deb
 e4b9f653e06e706d60e8b86749900a55 6343 php extra php-horde-image_2.3.6-1+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlt1lf4ACgkQHpU+J9Qx
HlgYwQ//RKHjOa0CY6A7pdzjrOheIAfx6+SB+N1AHPh4BV8v9tnZFrmTBzNk7G6A
5xXBhDdQT0pSQpB3hWteFF7zmZvGGrnXcgJQI0mjWAasNyqHO+XE4w2LkN8KLZA5
NLoZx1pWhHiUgUryMv4l6ivpbAK1aeFYB8/KFuhD11/1FeXsFkRl/ctV0yY1is78
4mybxkT1jWXBEdTLOoyFwu8dMXlgtKSZS6cR4JoBVJcAOxTwkFqC6moNnkEg7V4f
xKhygvVfWbZN+Xwf4tEJ/GkkUvmffiACSX2jdG6vEb1aaCLJMooS8dundLwer9O/
6ocpBGrT/VkAGehpCKSC0cic9k8byyuQD2XvkHEfD7Jue76CZDOGnECbUK90aVkB
7SqQbGPcmGg8ZAW8lVsj+iWp2y35OjSB/z426D74AgsenMIG6qKZ7mtjgN6ub04A
iZrsrIw6VvCq4uxDaSW2MlKSCaVdcbs1OwWNk18hysZ7VAInXcNop0npxNlbuvDW
lPHv9KvCFHKMKD8a4SgrxNiRBs713cv2V5WwAYH87O2hvoRwA7f9GMjtfaRqMpne
l7kKrM/gj39//T9cbWNzAoKjDyXG9MzRHN8SpzaFIltFGuZVvs+gSvNLrqL/m6ny
haecT1LVZxsMVafMIFg8VIY1iFzoP7NPGNxMeJPJwFS0RjOprHk=
=8w3R
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 15 Sep 2018 07:24:52 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:52:05 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

php-horde-image: CVE-2017-9773: DoS via crafted URL to the Null image driver

Debian Bug report logs - #865504
php-horde-image: CVE-2017-9773: DoS via crafted URL to the Null image driver

Vulmon Search

About

Products

Connect

php-horde-image: CVE-2017-9773: DoS via crafted URL to the Null image driver

Debian Bug report logs - #865504 php-horde-image: CVE-2017-9773: DoS via crafted URL to the Null image driver

Vulmon Search

About

Products

Connect

Debian Bug report logs - #865504
php-horde-image: CVE-2017-9773: DoS via crafted URL to the Null image driver