-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 18 Feb 2021 14:22:48 +0100
Source: php-horde-text-filter
Binary: php-horde-text-filter
Architecture: source all
Version: 2.3.5-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Utkarsh Gupta <utkarsh.gupta@canonical.com>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
php-horde-text-filter - ${phppear:summary}
Changes:
php-horde-text-filter (2.3.5-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2021-26929: An XSS issue was discovered in Horde Groupware Webmail
Edition (where the Horde_Text_Filter library is used). The attacker
can send a plain text e-mail message, with JavaScript encoded as a
link or email that is mishandled by preProcess in Text2html.php,
because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with
XSS defenses.
Checksums-Sha1:
2a7366c3226c5db79313aeb05daf133340c0ca7c 2202 php-horde-text-filter_2.3.5-1+deb9u1.dsc
bceb5239ff979e427aa21c4a8342ce0034b07435 54438 php-horde-text-filter_2.3.5.orig.tar.gz
78e74754378d6b8bd70803430e1016eefc7d1842 5536 php-horde-text-filter_2.3.5-1+deb9u1.debian.tar.xz
6c71db09a04921662143dd5dc636fcc1651c329a 47536 php-horde-text-filter_2.3.5-1+deb9u1_all.deb
2beed86d942691f1247834ed192606a0280c5564 6793 php-horde-text-filter_2.3.5-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
1b0cd96e43a8c1f506e81d3f922302830a59e9c39260ade999c61c63fb2b4b54 2202 php-horde-text-filter_2.3.5-1+deb9u1.dsc
e3e1027edc272e750dac8e85c16702e5c52f065f049903bf025503da7c9e034c 54438 php-horde-text-filter_2.3.5.orig.tar.gz
b510a870697dbba78d275fc307f990d8531f0a4077316eff20b40804bddcaa8a 5536 php-horde-text-filter_2.3.5-1+deb9u1.debian.tar.xz
3563e5d480fd359af4f1471e5392b012893602af9c119a281917deefe34d3f3b 47536 php-horde-text-filter_2.3.5-1+deb9u1_all.deb
6229c90ba0df044f46cefedc0d43ebd93f4ca4f1a657b3cb7e231c04a70abd83 6793 php-horde-text-filter_2.3.5-1+deb9u1_amd64.buildinfo
Files:
6467425926fd30bcb2a8d74ba925b122 2202 php extra php-horde-text-filter_2.3.5-1+deb9u1.dsc
387f7ca59173f38872af5a4eaea10b2a 54438 php extra php-horde-text-filter_2.3.5.orig.tar.gz
e5def5fa3e994e9e42ba1470d7d4f167 5536 php extra php-horde-text-filter_2.3.5-1+deb9u1.debian.tar.xz
2c837ebd1143f2ce0525ebb8e138be30 47536 php extra php-horde-text-filter_2.3.5-1+deb9u1_all.deb
9457b8ec759ed71ef0ecc2c385c776a9 6793 php extra php-horde-text-filter_2.3.5-1+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmAui2cACgkQgj6WdgbD
S5ZpNQ//WWBrDrQQHpJs4//MtpQN2eQMijabtE6G0/bGF3yMy4VVZHSjAasqD5a3
OAFJAAqE/vULOFXDA9ilY2n24LrBrtaVNoHze9Jrws2a29nwV/Lo8AczbiEQjF6d
j8KJ/4p2iMILI3prCOOyULJ0vV56FYMZrqO5aeTP6fWzfFyeOMb8Ez1hu91DI+aq
9l3pHkR9B1URVYONBVg7B8vKJZtfAWxxdKTxXEu0H391O/OhLm7hnswBH9TmoxJ0
IXb42bqxQ6HnbDVwsLlRzh+Ji3edLFNgq1GqBlkd30GdcZ7U47iJv3jH6Z18N4ds
ybo1ahNyGpPLNJS2rhXYYnDKVPI3Gvaf12d5tkS5H1WUNMp4hYVcIalcjNWP/BmZ
hObhQIM1YF+89IXEi8WSOVJuRSaeoU4k2zAvhcHkIyDvv0kn/+cEvld57FyXNkpd
3/+0xvlyQaIAxkq+dS7Da/Alt11Js+RnG9S1jERYpfHYuM+8WQwX/0XZogCOaWSp
Tf8xCwYUHV0lgnJhnHw+JWt2HBJdNezLEfIDErG3ML1LKgxVciLp5iKOovEb23mw
gOM6thrpqAOvTj6RCzym7wvDHwiJt4q2OouEEu11kBRteHDRaY7mQ9IlPUUlm7Ne
HtSKqLaHkQWG17sdCuPlNr98epmNBrekXaSB150NPw2aCv3sjXo=
=EERu
-----END PGP SIGNATURE-----
