Your message dated Sat, 13 Jun 2020 15:47:09 +0000
with message-id <e1jk8nb-000ccq...@fasolo.debian.org>
and subject line Bug#961649: fixed in php-horde-gollem 3.0.12-3+deb10u1
has caused the Debian Bug report #961649,
regarding php-horde-gollem: CVE-2020-8034
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
961649: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961649
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php-horde-gollem
Version: 3.0.12-5
Severity: grave
Tags: security upstream
Control: found -1 3.0.12-3

Hi,

The following vulnerability was published for php-horde-gollem.

CVE-2020-8034[0]:
| Gollem before 3.0.13, as used in Horde Groupware Webmail Edition
| 5.2.22 and other products, is affected by a reflected Cross-Site
| Scripting (XSS) vulnerability via the HTTP GET dir parameter in the
| browser functionality, affecting breadcrumb output. An attacker can
| obtain access to a victim's webmail account by making them visit a
| malicious URL.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-8034
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8034
[1] https://lists.horde.org/archives/announce/2020/001289.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: php-horde-gollem
Source-Version: 3.0.12-3+deb10u1
Done: Mike Gabriel <sunwea...@debian.org>

We believe that the bug you reported is fixed in the latest version of
php-horde-gollem, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 961...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunwea...@debian.org> (supplier of updated php-horde-gollem package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 31 May 2020 16:20:16 +0200
Source: php-horde-gollem
Architecture: source
Version: 3.0.12-3+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Horde Maintainers <team+debian-horde-t...@tracker.debian.org>
Changed-By: Mike Gabriel <sunwea...@debian.org>
Closes: 961649
Changes:
 php-horde-gollem (3.0.12-3+deb10u1) buster; urgency=medium
 .
   * debian/patches:
     + Add CVE-2020-8034.patch. Fix XSS vulnerability in breadcrumb output
       (Reported by: polict of Shielder). (Closes: #961649, CVE-2020-8034).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
