Your message dated Thu, 18 Feb 2021 21:19:21 +0000
with message-id <e1lcqhl-0009tb...@fasolo.debian.org>
and subject line Bug#982769: fixed in php-horde-text-filter 2.3.7-1
has caused the Debian Bug report #982769,
regarding php-horde-text-filter: CVE-2021-26929
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
982769: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982769
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php-horde-text-filter
Version: 2.3.6-7
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.3.5-3+deb10u1
Control: found -1 2.3.5-3

Hi,

The following vulnerability was published for php-horde-text-filter.

CVE-2021-26929[0]:
| An XSS issue was discovered in Horde Groupware Webmail Edition through
| 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The
| attacker can send a plain text e-mail message, with JavaScript encoded
| as a link or email that is mishandled by preProcess in Text2html.php,
| because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with
| XSS defenses.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-26929
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26929
[1] https://lists.horde.org/archives/announce/2021/001298.html
[2] https://www.alexbirnberg.com/horde-xss.html
[3] https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: php-horde-text-filter
Source-Version: 2.3.7-1
Done: Mike Gabriel <sunwea...@debian.org>

We believe that the bug you reported is fixed in the latest version of
php-horde-text-filter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 982...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunwea...@debian.org> (supplier of updated php-horde-text-filter 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 18 Feb 2021 22:05:19 +0100
Source: php-horde-text-filter
Architecture: source
Version: 2.3.7-1
Distribution: unstable
Urgency: medium
Maintainer: Horde Maintainers <team+debian-horde-t...@tracker.debian.org>
Changed-By: Mike Gabriel <sunwea...@debian.org>
Closes: 982769
Changes:
 php-horde-text-filter (2.3.7-1) unstable; urgency=medium
 .
   * New upstream version 2.3.7:
     - CVE-2021-26929: Fix XSS issue. (Closes: #982769).


--- End Message ---
