[SECURITY] [DLA 1398-1] php-horde-crypt security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : php-horde-crypt
Version : 2.5.0-5+deb8u1
CVE ID : CVE-2017-7413 CVE-2017-7414
Debian Bug : 859635
It was discovered that in Horde-Crypt, a cryptographic library and part
of the PHP Horde framework, a command injection was possible when a
Horde user used the PGP features to view an encrypted email.
For Debian 8 "Jessie", these problems have been fixed in version
2.5.0-5+deb8u1.
We recommend that you upgrade your php-horde-crypt packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlszuWBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRz/g//YPU5JaRWIMsB+ui8y6lJn4xk6y19F7Uh3XxjX8fCZwaXP2mxNhzoMkat
D2nxbMjhTeQiMUT6RZx9L53mKLHo8Lm47u0wOUs9UoWhXOIJKT7mtaBmom6/6ywE
2Vgbjp6JPjBMcYpIey/bcqQvogxr4XN2LwxGoLCL1JLsSH8kq+C7q5wp9wpsotYJ
3fT9ugL9uvZ38mjcr/+AFxU7G0TdK2Q5JXbx5bH3VWcRUNVY28dhi8WU0xDisHfw
z6axsIGzirNKju4nM5xxZhgGjRImzamigj8qEmqZXH8x19If9RUjvcksCD6qp40d
4YSejV6qRz223fzIIr4euYzngHMDKwBpXZjM2RzrPAXBTLbPkXw/wmdMAYu33/rG
j8vKuaes+tLWgUbCHud5J1GnJgLny1qAdT0qdOYh6hel+0WwV/nlEGpzA9mjFLSG
zSZShEkG4ZAZlBQJNxqI6o6FkeQ4optD55LeeGodf94Ekd6FRUKH784x/CnbMbfh
YoByokB3ydiPTtSvljJc6YH+UIWZlzzelIx9eOsc78lua1jr5UKzoGFJkKIwHcWQ
F4W87fj6wCmw9t1DFq1X0Z6otHpav8rkOKXcepDIzNf8xPgUFDzKB5wCrjJFn2fp
Cnku90tMkOqMBdPHOl30BhEVTk+SrgxvUhA5DAc5PYzxvKiqEwY=
=PYaH
-----END PGP SIGNATURE-----
Reply to: