-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Mar 2020 13:54:47 -0400 Source: php-horde-form Binary: php-horde-form Architecture: source Version: 2.0.15-1+deb9u2 Distribution: stretch Urgency: high Maintainer: Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org> Changed-By: Roberto C. Sanchez <roberto@debian.org> Description: php-horde-form - ${phppear:summary} Closes: 955020 Changes: php-horde-form (2.0.15-1+deb9u2) stretch; urgency=high . * Fix CVE-2020-8866: The Horde Application Framework contained a remote code execution vulnerability. An authenticated remote attacker could use this flaw to upload arbitrary content to an arbitrary writable location on the server and potentially execute code in the context of the web server user. (Closes: #955020) Checksums-Sha1: d60d62a4780290e180e7d9190d9cee566fea1a06 2041 php-horde-form_2.0.15-1+deb9u2.dsc d9fab15615b703171abbca2b4d7cb906a2e170e2 3648 php-horde-form_2.0.15-1+deb9u2.debian.tar.xz 0398eb71fd79bbb2887aaf3be808bfa105f9bba9 6209 php-horde-form_2.0.15-1+deb9u2_amd64.buildinfo Checksums-Sha256: b2f25b609586c3dbd603ca99d54af81d3c9ff516def7e2c476bea2d9abb59191 2041 php-horde-form_2.0.15-1+deb9u2.dsc 1bca7901e8299b4bbe2a24dc7e5c332c600522b076bd0c6513af73ce7caddbc6 3648 php-horde-form_2.0.15-1+deb9u2.debian.tar.xz fdbe81fca38d651c2991d433a50969c834a9e52baaf9dbacf9151a01ab236dae 6209 php-horde-form_2.0.15-1+deb9u2_amd64.buildinfo Files: 336a83d214bcd245659d47111e4a584e 2041 php extra php-horde-form_2.0.15-1+deb9u2.dsc 8dba018531d7b835c9de1932f354547d 3648 php extra php-horde-form_2.0.15-1+deb9u2.debian.tar.xz 43e5adad0c86e5e83347aeeab8cdfe40 6209 php extra php-horde-form_2.0.15-1+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl6TE2kACgkQLNd4Xt2n sg/p8Q/+O4X2SmRtUA/EYTs4os0qkbUjo33QOqJINZF5ZQ/u8AKd07f+2QQopnt6 VaXRfn+J+NhQ7++OgzSE+oB7Px0RcWJ55HuKZ9HXDEgO1U/Qm6pi1rcoIUM3gvY1 lHWn2Fs4SB3G5BCgINFr3VKNjNA8bZzOFpS7dc0ruepiL3GF94AtViu7aCFrdrML fxmxcfvjdjTV2r0ELiIARBtORE5jqFMMpn9TlO0wOHfwmSo7Um5lLfF6U75tcnYk S5QYjqIQEcwGEAlM6sNOvO13OB2Yz8/pOhWxvGKm59Y1aPa2CVi355Y+/gUZtHiV 48Xro88uhguWAZxgz6IRYNBdchi5ZzJIOxSfX2CnuJdI2PKFgsQEhA2hJtiRcxG2 hxX9spI0hgE/2vGBX1Pxtz9SY35nvIoaZFKistDACqaWtU0Nkv+VJv5wL7MSKAQU e6YtNgfZUqx73aNez48rvbn8qnxpQwmpfYruKxFQU/RRHXrJp62aXdNv/N8RHb/w odgb3RnXAjck2kbYKyvu2KlGM5PW0lkk4KBFwuh0lHt45svija0FIoTvASLxsM2J lEqM9bjPzy1BlxKQXHIE1ngpafiCpT8ff6jSPvjULa6RAx25dPJCQLZX8AYM35Fz wGNspN64r0HD9kUrJKt5i/ezzZDrf0NOunQBcoEbIz2nA+aP8qw= =wqIa -----END PGP SIGNATURE-----