Your message dated Sat, 01 Jul 2017 21:24:44 +0000
with message-id <e1drpsi-000dgb...@fasolo.debian.org>
and subject line Bug#865505: fixed in php-horde-image 2.5.1-1
has caused the Debian Bug report #865505,
regarding php-horde-image: CVE-2017-9774: RCE via crafted GET request for
authenticated users
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
865505: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865505
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php-horde-image
Version: 2.1.0-4
Severity: grave
Tags: upstream security
Hi,
the following vulnerability was published for php-horde-image.
CVE-2017-9774[0]:
| Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a
| crafted GET request. Exploitation requires authentication.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9774
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: php-horde-image
Source-Version: 2.5.1-1
We believe that the bug you reported is fixed in the latest version of
php-horde-image, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mathieu Parent <sath...@debian.org> (supplier of updated php-horde-image
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 01 Jul 2017 21:37:17 +0200
Source: php-horde-image
Binary: php-horde-image
Architecture: source all
Version: 2.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Horde Maintainers <pkg-horde-hack...@lists.alioth.debian.org>
Changed-By: Mathieu Parent <sath...@debian.org>
Description:
php-horde-image - ${phppear:summary}
Closes: 865504 865505
Changes:
php-horde-image (2.5.1-1) unstable; urgency=medium
.
* New upstream version 2.5.1
- CVE-2017-9774: RCE via crafted GET request for authenticated users
(Closes: #865505)
- CVE-2017-9773: DoS via crafted URL to the Null image driver (Closes:
#865504)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---