-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : php-horde-core Version : 2.15.0+debian0-1+deb8u2 CVE ID : CVE-2017-16907 Debian Bug : 909800
It was discovered that the Horde Application Framework written in PHP was affected by a Cross-site scripting vulnerability via the Color field in a Create Task List action. This may be used by attackers to bypass access controls. For Debian 8 "Jessie", this problem has been fixed in version 2.15.0+debian0-1+deb8u2. We recommend that you upgrade your php-horde-core packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlu6hIZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeS1NA//WVbiRyMHUsYTWyS6bHBqnnyoRr3dX/0oooDQzi3k/ku2EwMUe8Me7knk v9KTVBUkbFa/dWBufC7Wme3pJkRuXzh0YmqfbXPEmuge4UE9jx54Pgw+ElOwK/fk g8upl12JgNXHKB+yXehWApukEt76HMOcwqLTvtjnBeKG83Z48ujwYTVLszBSLyTW MkDbvKPdlAotGxZFngIr/VYwC2EyUQV60Q/JxvUYExXzrZFrwGIqgNAU92ssO8iC kmrh+M2tHa/+NbnePhE5dBjRzkhdkyLQIN3uxtqj+8XE3E4H433yfIIkLbzb2BOZ vwX52HWMJsUDe0KSWOcFqdvuHj8BWteZpJK7thEc6P3+HPTJokKYxQCd0jTnYTFY ilKqapp0onGCtH5QgM/hUs3X+iL/xdkZRHn8yrw6VtD2s/IF5utpcW1oAYFu5UIU Z/OPg01N1CIkJ686HqctpJKeRNt9J/ojgSqxvnnVv0zjMGgSPpvHM0JUV9pIOgTA 2JvfjijOTY8HvWlkZq6HudsbMRwq9J2OHaSGZRQlwweA/KN44mhDyhqkKCrtzECe xl0JoeUOMnKOKVKjfYjRlwfZgzPTPTBDo4y9PHumEVnaDaUHlDFye6z8/DE5OHhT dH6a530Cvbc4R1fTpkvDxbNg62p90tgz4nKYySFIcesKyXDvoMY= =yPEy -----END PGP SIGNATURE-----
