------------------------------------------------------------------------- Debian LTS Advisory DLA-3923-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Tobias Frost October 19, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : php-horde-turba Version : 4.2.25-5+deb11u2 CVE ID : CVE-2022-30287 Debian Bug : 1012279 It was discovered that there was an arbitrary object deserialization vulnerability in php-horde-turba, an address book component for the Horde groupware suite. For Debian 11 bullseye, this problem has been fixed in version 4.2.25-5+deb11u2 We recommend that you upgrade your php-horde-turba packages. For the detailed security status of php-horde-turba please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-horde-turba Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Note: 4.2.25-5+deb11u1 had been uploaded incorrectly and thus never reached the archived. 4.2.25-5+deb11u2 is a no-change re-upload to correct this mistake.
Attachment:
signature.asc
Description: PGP signature