-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : php-horde-crypt Version : 2.5.0-5+deb8u1 CVE ID : CVE-2017-7413 CVE-2017-7414 Debian Bug : 859635
It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an encrypted email. For Debian 8 "Jessie", these problems have been fixed in version 2.5.0-5+deb8u1. We recommend that you upgrade your php-horde-crypt packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlszuWBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRz/g//YPU5JaRWIMsB+ui8y6lJn4xk6y19F7Uh3XxjX8fCZwaXP2mxNhzoMkat D2nxbMjhTeQiMUT6RZx9L53mKLHo8Lm47u0wOUs9UoWhXOIJKT7mtaBmom6/6ywE 2Vgbjp6JPjBMcYpIey/bcqQvogxr4XN2LwxGoLCL1JLsSH8kq+C7q5wp9wpsotYJ 3fT9ugL9uvZ38mjcr/+AFxU7G0TdK2Q5JXbx5bH3VWcRUNVY28dhi8WU0xDisHfw z6axsIGzirNKju4nM5xxZhgGjRImzamigj8qEmqZXH8x19If9RUjvcksCD6qp40d 4YSejV6qRz223fzIIr4euYzngHMDKwBpXZjM2RzrPAXBTLbPkXw/wmdMAYu33/rG j8vKuaes+tLWgUbCHud5J1GnJgLny1qAdT0qdOYh6hel+0WwV/nlEGpzA9mjFLSG zSZShEkG4ZAZlBQJNxqI6o6FkeQ4optD55LeeGodf94Ekd6FRUKH784x/CnbMbfh YoByokB3ydiPTtSvljJc6YH+UIWZlzzelIx9eOsc78lua1jr5UKzoGFJkKIwHcWQ F4W87fj6wCmw9t1DFq1X0Z6otHpav8rkOKXcepDIzNf8xPgUFDzKB5wCrjJFn2fp Cnku90tMkOqMBdPHOl30BhEVTk+SrgxvUhA5DAc5PYzxvKiqEwY= =PYaH -----END PGP SIGNATURE-----
