Format: 1.8
Date: Sat, 23 Jun 2018 11:09:57 +0100
Source: php-horde-image
Binary: php-horde-image
Architecture: source all
Version: 2.3.6-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 php-horde-image - ${phppear:summary}
Closes: 865504 865505 876400
Changes:
 php-horde-image (2.3.6-1+deb9u1) stretch-security; urgency=high
 .
   * CVE-2017-9773: Prevent a denial of service attack by ensuring an infinite
     loop cannot be triggered by a malicious request. (Closes: #865504)
   * CVE-2017-9774: Prevent a remote code execution vulnerability (RCE) that
     was exploitable by a logged-in user sending a maliciously crafted HTTP
     GET request to the image backends. Note that the fix applied upstream has
     a regression in that it ignores the "force aspect ratio" option; see
     <https://github.com/horde/Image/pull/1>. This has been remedied in this
     fix. (Closes: #865505)
   * CVE-2017-14650: Prevent another RCE that was exploitable by a logged-in
     user sending a maliciously crafted GET request specifically to the "im"
     image backend. (Closes: #876400)