Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:

479a4520 by Salvatore Bonaccorso at 2019-12-08T13:33:02Z

Update information on CVE-2019-12094 and CVE-2019-12095

In the upstream ticket[1] some issues were mentioned which need to be combined to make the issue exploitable.

[1]: <https://bugs.horde.org/ticket/14926>

Upstream itself still agrees that, as of now, adding bookmarks in Trean is not yet CSRF protected, but this is of low priority as the whole attack is no longer exploitable after the XSS fix in Horde 5.2.21, which *should* match the commit 81a7b5397350 ("Fix XSS vuln in the Horde Cloud Block.")[2] that Roberto C. Sanchez found. This commit is included in 5.2.21 and matches the upstream comment.

[2]: <https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75>

Thus, for CVE-2019-12095, marking the newly added src:php-horde part as fixed with 5.2.21+debian0-1, which is the first version in Debian unstable containing the fix.

MITRE clarifies the CVE assignment as well, as follows: The stored XSS should be considered part of the CSRF vulnerability in CVE-2019-12095, with the CSRF being the primary vulnerability. The reflected XSS vectors are all covered by CVE-2019-12094.

The update to the two CVE entries should now match the respective understandings for the CVEs. A classification of the issues is explicitly not done with this commit.

Thanks: Roberto C. Sánchez <robe...@debian.org>

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -26789,11 +26789,12 @@ CVE-2019-12096 RESERVED CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...) - php-horde-trean <unfixed> - NOTE: https://bugs.horde.org/ticket/14926 + - php-horde 5.2.21+debian0-1 + NOTE: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75 + NOTE: https://bugs.horde.org/ticket/14926 (for the stored XSS) CVE-2019-12094 (Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ...) - php-horde <unfixed> - NOTE: https://bugs.horde.org/ticket/14926 - NOTE: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75 + NOTE: https://bugs.horde.org/ticket/14926 (for the reflected XSS) CVE-2019-12093 RESERVED CVE-2019-12092 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/479a4520d2d365c4a8972df5fc3e869e75f9dfce
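Review bot: the `php-horde-trean <unfixed>` line under CVE-2019-12095 keeps its unfixed state but gains no NOTE saying which part of the CVE it now stands for; since the commit message records that the CSRF gap in Trean bookmark adding is still open upstream and is the primary vulnerability per MITRE, while the stored XSS part is what 5.2.21+debian0-1 fixes, a line such as `NOTE: CSRF in Trean bookmark adding still unfixed upstream, low priority after the XSS fix (for the CSRF)` next to the trean entry would make the remaining open part traceable from the entry itself, mirroring the `(for the stored XSS)` and `(for the reflected XSS)` annotations added to the ticket NOTEs. The new github commit NOTE under CVE-2019-12095 could likewise say what it fixes (the stored XSS in the Horde Cloud Block, as the commit message states) so a reader does not need the changelog to connect the commit URL to the fixed-version line.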
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits