-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : php-horde Version : 5.2.1+debian0-2+deb8u4 CVE ID : CVE-2017-16907 Debian Bug : 909739
It was discovered that the Horde Application Framework written in PHP was affected by a Cross-site scripting vulnerability via the Color field in a Create Task List action. This may be used by attackers to bypass access controls. For Debian 8 "Jessie", this problem has been fixed in version 5.2.1+debian0-2+deb8u4. We recommend that you upgrade your php-horde packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlu6g1xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeT23g/7B+eJYcx1NsE0NrYxg+1fafj6bP05hyXp2N26B/C5KPGpVqMzvuPX9IK2 M9YPoC11gujHhGOYnp/atYrJlkzdmp/UppAbdOojCYp+HUPQPiz3GxFM9d3cwfHk LijVQFl2rLEkK5qwF13fs4EHJimaResAJ6FhuoIUvf1nFrI/UHZn4wAkc7Q7sj06 BaWZO9XaQhNwUmGdl0YbsTer1/Td0aHm75+ZrTABo+aPno+UBt5UKkJEiVSePbiq 8KD94RihpPXy1QOA9POEMd7ENYVhl4fBpo7Ho/CgyBk6uz17bfuALPEhtVftziK3 mgs3Ho0+Gyh0c3Q+nDa9cz8j9dJHJ+zUcbHvuOo1lCFTNJtuoCdC12mVf0CiKmhs ZJK7Y4Wcl+IjxUDQCq+GS33er19UURtB7z1BjqcPs1cliANKWcNvpyxa/jOvySML 1Cqo1eHPQ1fYvlr6bZwDeTOP+epwCeV6olsWXGs6S34MsTgOtocnAnRvZtAA4nlB hay34/7kH5dS4OGrADQ5HbGeiU66BakPuj76zDfCGwYJsFLkFIb/H0ta4RoDcApA sDXrYiErby3TfOgSoChEZ1x9fLrCNQfk2dFdEcqm+aWnnjJFpjPK8Afm5lRtOUDC 2dDCmfgh07XyvpWuPTrQN+h7ml1WDDHYMCJbq+08Lk+nwJpPe6g= =qfks -----END PGP SIGNATURE-----
