Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c3c90ce8 by Sylvain Beucler at 2025-04-03T10:39:17+02:00
CVE-2025-30349: doesn't affect php-horde, only php-horde-imp
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4894,13 +4894,12 @@ CVE-2024-13737 (The Motors \u2013 Car Dealer,
Classifieds & Listing plugin for W
CVE-2025-26796 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of
Input Durin ...)
NOT-FOR-US: Apache Oozie
CVE-2025-30349 (Horde IMP through 6.2.27, as used with Horde Application
Framework thr ...)
- - php-horde <unfixed>
- [bookworm] - php-horde <ignored> (Horde in Bookworm is broken due to
PHP 8 issues and will be removed in the next point release)
- php-horde-imp <unfixed>
[bookworm] - php-horde-imp <ignored> (Horde in Bookworm is broken due
to PHP 8 issues and will be removed in the next point release)
NOTE:
https://web.archive.org/web/20250321152616/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html
NOTE:
https://web.archive.org/web/20250321162434/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html
NOTE: https://github.com/horde/imp/pull/15/
+ NOTE:
https://github.com/horde/imp/commit/8a89d755e0356e7785e555d85c881fd4774e973e
(FRAMEWORK_5_2)
CVE-2025-30179 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x
<= 9.11 ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-30168 (Parse Server is an open source backend that can be deployed to
any inf ...)
=====================================
data/dla-needed.txt
=====================================
@@ -206,7 +206,7 @@ pagure
pgagent
NOTE: 20250117: Added by Front-Desk (rouca)
--
-php-horde (Sylvain Beucler)
+php-horde-imp (Sylvain Beucler)
NOTE: 20250330: Added by Front-Desk (apo)
NOTE: 20250330: Needs more investigation. Project looks stale. Warrants a
NOTE: 20250330: warning to disable HTML emails at least. (apo)
@@ -214,10 +214,7 @@ php-horde (Sylvain Beucler)
NOTE: 20250331: Adding buster as it's also supported.
NOTE: 20250331: This is probably for php-horde-imp or php-horde-[lib], TBC
(Beuc)
NOTE: 20250331: PR against horde-imp now referenced in the security-tracker.
(Beuc)
---
-php-horde-imp
- NOTE: 20250331: Added by Front-Desk (Beuc)
- NOTE: 20250331: Cf. php-horde entry (Beuc)
+ NOTE: 20250403: Patch against php-horde-imp merged upstream. (Beuc)
--
php-laravel-framework
NOTE: 20250307: Added by Front-Desk (rouca)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3c90ce88afb5f6c82177b6a692cf5298e06db96
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3c90ce88afb5f6c82177b6a692cf5298e06db96
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
