[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4113-1] php-horde-imp security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4113-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
April 03, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : php-horde-imp
Version        : 6.2.27-2+deb11u1
CVE ID         : CVE-2025-30349
Debian Bug     : 1042715

An XSS vulnerability was discovered in Horde IMP, the webmail
component of the Horde groupware platform. An attacker could hijack a
user session by sending a crafted e-mail to an IMP user.

Additionally, adjustments were made to handle the move to CKEditor v4
(see DLA-4112-1).

For Debian 11 bullseye, this problem has been fixed in version
6.2.27-2+deb11u1.

We recommend that you upgrade your php-horde-imp packages.

For the detailed security status of php-horde-imp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-horde-imp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmfuVgkACgkQDTl9HeUl
XjBOIBAAxt9P0xKanfdLzHpm2vJ81X0kde45Js/csmk/67pJrMBnFAJOOl5BkHmT
1CvqrBy5tii97GM+G2mLiNYeVvSPPrf6fFJKEIYFAPAY+kvytP8kIdlhsmnVWQ6/
BCv3geGzjp5kc5rjfcqTX9UTCxHW2kMczV4EABlf5Jdg9K8oZ+uxhU181XDCN4oS
3zzk9S6VEGmPnIWY3MIrIYCJur3nrroMxLRd90a+U023o9XNZ4hjIG54hJi+O3Mv
Ujkg6awvHQ/XOD31FS2G7T2msd6YkalZfsA8YGW8ez034CllwVmZphdxdahRcaZx
z0xHcFYhhUmwasPyZ7R5OhrBE+A2YkW9BhwGCi+kpv05F93gAddD1hPj5lzvrlr0
KbY6Q07QG1LzeWDnGwheERFTqY98vFHahYkIYg53e78/FW+7r63WLNcbkcXRPMPB
ftad8r4G8ILWS374RSt4N1lPacxx2mQ/unma+V92eycj9/NS/Nszj/IhB8CINr3J
NxgB0HWojPxUvfLhmYiRPUTBAPr+6z6Ba/Da9b2Je85LRFvZuLKHXim+kv8vfRXw
gEMmcRJW7XxQmUoI4aG+DXNA3X3w5u9EyKfxZ9MUDH23Dll/ujLIXuXLrdxyNnfq
f7FdEX/lmFPf+21vNxV/EAQ4QVenlpFZS/ArwNjPdYYZAVQyW5I=
=IZwj
-----END PGP SIGNATURE-----
Reply to: