Format: 1.8
Date: Fri, 22 Jun 2018 10:42:40 +0100
Source: php-horde-image
Binary: php-horde-image
Architecture: source all
Version: 2.1.0-4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 php-horde-image - ${phppear:summary}
Closes: 865505 876400
Changes:
 php-horde-image (2.1.0-4+deb8u1) jessie-security; urgency=high
 .
   * CVE-2017-9774: Prevent a remote code execution vulnerability (RCE) that
     was exploitable by a logged-in user sending a maliciously crafted HTTP
     GET request to the image backends. Note that the fix applied upstream
     has a regression in that it ignores the "force aspect ratio" option; see
     <https://github.com/horde/Image/pull/1>. This has been remedied in this
     fix. (Closes: #865505)
 .
   * CVE-2017-14650: Prevent another RCE that was exploitable by a logged-in
     user sending a maliciously crafted GET request specifically to the "im"
     image backend. (Closes: #876400)