-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Mar 2020 13:55:11 -0400 Source: php-horde-form Architecture: source Version: 2.0.18-3.1+deb10u1 Distribution: buster Urgency: high Maintainer: Horde Maintainers <team+debian-horde-team@tracker.debian.org> Changed-By: Roberto C. Sanchez <roberto@debian.org> Closes: 955020 Changes: php-horde-form (2.0.18-3.1+deb10u1) buster; urgency=high . * Fix CVE-2020-8866: The Horde Application Framework contained a remote code execution vulnerability. An authenticated remote attacker could use this flaw to upload arbitrary content to an arbitrary writable location on the server and potentially execute code in the context of the web server user. (Closes: #955020) Checksums-Sha1: 75b55c10b7cca8263c90efd012520173c377a7a3 2032 php-horde-form_2.0.18-3.1+deb10u1.dsc f9d230e6869c253acb2bcd5f4fba752b895e9db9 197432 php-horde-form_2.0.18.orig.tar.gz 446d553eba62a9c745afea5a6aea74205cc13922 3724 php-horde-form_2.0.18-3.1+deb10u1.debian.tar.xz 4ddbbed7c76430e347003bc84bd77358b2a1cd6f 5859 php-horde-form_2.0.18-3.1+deb10u1_amd64.buildinfo Checksums-Sha256: 17fa8e1eea8111152fe8b69e1f2bf7929f7c30c3077913395677817727638599 2032 php-horde-form_2.0.18-3.1+deb10u1.dsc 0fd6c9c45156f56f462b38283530485eb8992968fc5c4849d2b669150d028110 197432 php-horde-form_2.0.18.orig.tar.gz d8146904f0dcf0850704cac2e47cdb8f537a8d32b8ce1698c2fbb5020ae537b0 3724 php-horde-form_2.0.18-3.1+deb10u1.debian.tar.xz 4d02a481fe7033b849bc4dc7e19176f850823f34c0d86437febc7e0f71caa9c6 5859 php-horde-form_2.0.18-3.1+deb10u1_amd64.buildinfo Files: 6704ca7e4c685a830d2c1e8beb2f1031 2032 php optional php-horde-form_2.0.18-3.1+deb10u1.dsc 0d044b0aa6f50d8f10758791d00c520a 197432 php optional php-horde-form_2.0.18.orig.tar.gz d20f6edf9c4bd01c42b50e3994ded774 3724 php optional php-horde-form_2.0.18-3.1+deb10u1.debian.tar.xz 3b6a35ef5dd8f4b0a69e247be70f144a 5859 php optional php-horde-form_2.0.18-3.1+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl6TE3QACgkQLNd4Xt2n sg+Uqg/+O7uL8pRMTbN4/o7tRWEbDIaOsJTlqMmEu+LGXOASjxoPA1yQZm21HhKz L6qgon1w8+4QhyKBt90cAdweot6gVk/+QCDVR+PiR1E9HjVC280q1FD3kCClqnUr cgnrZLloY+pGwzjRrLjCKAq+chydWtMDhgAfTBPVXVGxcxhUvQW110SuFN8I6nzY etZsvJ0oscSyFkLl/lnLauRx479KG9Q8H9KSyThBvLGb0g1/rW1BAdwJ5nI03kU1 Sw8BJZVGloSF29HOiCvLQq2qtI9DOnrvuI96Seu0e+cvakALVBRhDgEHmG8t7VIN TjQA2s/zYwN5FV94lKV7/78hn2Wwm1Ptv3e1yRzz9D8InJFDyhKjM9Ruw2lEBOdN m0cqMT4EKgGfFksB/cSbx0LNdSMLDRMp32tUSfgBG/QgM+V7hLZ6qkkdKm6eBAXm vWsHq7HYDBbiHj/AbnHWtBEqrzwlh3NPr0gL7BsycFxquKCcNOB15mqANc3XbxBn KuXwQ6jc2IYrk7lGEGri9wkP2KNKsUEsE1wgu3UvSWhbinh+2At0oIEs6JsZTRQr 6CmQHeMsZhRl4f4DRpg3Swz1ISb1ewN+YaglX7EoXo7H3KCBvxAzvrIPYCD0/x/s mkU/6Ksf5k9IbkCEy13UwtBpyeWpi1C0x60sJ2RMxpuHnuhxhy4= =4do8 -----END PGP SIGNATURE-----
