-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : php-horde-kronolith Version : 4.2.2-4+deb8u1 CVE ID : CVE-2017-16906 Debian Bug : 909737
It was discovered that the Horde Application Framework written in PHP was affected by a Cross-site scripting vulnerability via the URL field in a Calendar. This may be used by attackers to bypass access controls. For Debian 8 "Jessie", this problem has been fixed in version 4.2.2-4+deb8u1. We recommend that you upgrade your php-horde-kronolith packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlu6he5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeS/WRAAsyt+cthELhZ1nSW1hN5pJ6hQ4rxeGGL232Bw8hUQF09WJChGYGbCDypK gszePF6Dwv0RvTcJtMWwUfA8CD5eNhmV1I10sWpOe82CMw4OMVF9RygabPTm4vW1 VX4GCiGKVOMKxESSOAEljuB8NX+8YcrWKufI3Okl+MDXdh0neOyb3aalnIUObZWf TAgJlRI78w1plzUphxtom3KMntJzMzVxgJpCEk9XcaF2b/dqtGHsvXFwuOSLLbHk jbZwCmgqU7hPiRQa03lyxJZJDA3pxPb33W7bWkclmCV6rP2DU6lTNBvyWbryJEU9 oLrA6pPv+WnCzQ5q6PHiQOcLNWb8t7f6xY0k0RenEMwgoN55k6VFnMMEaa4s6F3Y X4FQg5bl2qV1LHhvohQXE4vMSykhPClpp4DXMNOcobsCsPk4+05yQiodn3m29ZtG lN0Ir7DQZtWZUquV8E4DENhlgQZeRtMSiRjosRfqMVsATNjt2tG7hmFxLsPngRjU 3OEdOeh3L0im5Pjz06FmNAVE3JqpQFuGdJ1w55d/+ODj6BuF+r53Axc4a/ICBgBG Uz27nFTgJsHnRMjlMvjKDCS5GdaDQDLQNPpvViwsfOueg0f5+T7ckqiqX/365UzZ EyG8yPcshrNC/c7ZLp6ZQg33nDKQbBDc8s9dqbMCQZCilAgZ8bA= =zu6j -----END PGP SIGNATURE-----
