php-horde-groupware - Debian Package Tracker

general

source: php-horde-groupware (main)
version: 5.2.22-6
maintainer: Horde Maintainers (DMD)
uploaders: Juri Grabowski [DMD] – Mike Gabriel [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.2.22-6
oldstable: 5.2.22-6
unstable: 5.2.22-6

versioned links

5.2.22-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

php-horde-groupware (3 bugs: 3, 0, 0, 0)

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-41066: Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user.

Created: 2025-12-04 Last update: 2025-12-18 19:30

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2023-10-22 Last update: 2026-01-07 09:18

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit cac218660059db74c1db4a14ab32886afbea8d2d
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Thu Dec 9 14:25:15 2021 +0100

    d/watch: Switch to format version 4.

commit 55c39870f120d6093fe29c48d0d7bbe48bdda1a7
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Thu Dec 9 14:18:26 2021 +0100

    d/control: Bump Standards-Version: to 4.6.0. No changes needed.

Created: 2021-12-09 Last update: 2026-01-04 02:31

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-08-22 Last update: 2025-09-11 00:03

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-41066: (needs triaging) Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-04 Last update: 2025-12-18 19:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.5.0).

Created: 2020-11-17 Last update: 2025-12-23 20:00

testing migrations

excuses:
- Migrates after: pear-channels, php-horde, php-horde-content, php-horde-gollem, php-horde-kronolith, php-horde-mnemo, php-horde-nag, php-horde-role, php-horde-timeobjects, php-horde-trean, php-horde-turba
- Migration status for php-horde-groupware (- to 5.2.22-6): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating php-horde-groupware would introduce bugs in testing: #1102702, #1102708, #1102714, #1123000
- ∙ ∙ Build-Depends(-Arch): php-horde-groupware pear-channels (not considered)
- ∙ ∙ Build-Depends(-Arch): php-horde-groupware php-horde-role
- ∙ ∙ Depends: php-horde-groupware php-horde (not considered)
- ∙ ∙ Depends: php-horde-groupware php-horde-content (not considered)
- ∙ ∙ Depends: php-horde-groupware php-horde-gollem (not considered)
- ∙ ∙ Depends: php-horde-groupware php-horde-kronolith (not considered)
- ∙ ∙ Depends: php-horde-groupware php-horde-mnemo (not considered)
- ∙ ∙ Depends: php-horde-groupware php-horde-nag (not considered)
- ∙ ∙ Depends: php-horde-groupware php-horde-timeobjects
- ∙ ∙ Depends: php-horde-groupware php-horde-trean
- ∙ ∙ Depends: php-horde-groupware php-horde-turba (not considered)
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/p/php-horde-groupware.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ 2016 days old (needed 5 days)
- Not considered

news

[rss feed]

[2023-09-14] php-horde-groupware REMOVED from testing (Debian testing watch)
[2023-01-07] php-horde-groupware 5.2.22-6 MIGRATED to testing (Debian testing watch)
[2022-02-27] php-horde-groupware REMOVED from testing (Debian testing watch)
[2020-10-24] php-horde-groupware 5.2.22-6 MIGRATED to testing (Debian testing watch)
[2020-07-01] Accepted php-horde-groupware 5.2.22-6 (source) into unstable (Mike Gabriel)
[2020-05-25] Accepted php-horde-groupware 5.2.22-5 (source all) into unstable, unstable (Debian FTP Masters) (signed by: Mike Gabriel)
[2020-05-01] php-horde-groupware REMOVED from testing (Debian testing watch)
[2020-04-29] Removed 5.2.22-4 from unstable (Debian FTP Masters)
[2019-10-24] php-horde-groupware 5.2.22-4 MIGRATED to testing (Debian testing watch)
[2019-10-18] Accepted php-horde-groupware 5.2.22-4 (source) into unstable (Mathieu Parent)
[2018-05-21] php-horde-groupware 5.2.22-3 MIGRATED to testing (Debian testing watch)
[2018-05-15] Accepted php-horde-groupware 5.2.22-3 (source all) into unstable (Mathieu Parent)
[2018-04-12] php-horde-groupware 5.2.22-2 MIGRATED to testing (Debian testing watch)
[2018-04-06] Accepted php-horde-groupware 5.2.22-2 (source all) into unstable (Mathieu Parent)
[2017-10-03] php-horde-groupware 5.2.22-1 MIGRATED to testing (Debian testing watch)
[2017-09-27] Accepted php-horde-groupware 5.2.22-1 (source all) into unstable (Mathieu Parent)
[2017-08-07] php-horde-groupware 5.2.21-1 MIGRATED to testing (Debian testing watch)
[2017-08-01] Accepted php-horde-groupware 5.2.21-1 (source all) into unstable (Mathieu Parent)
[2017-07-07] php-horde-groupware 5.2.20-1 MIGRATED to testing (Debian testing watch)
[2017-07-01] Accepted php-horde-groupware 5.2.20-1 (source all) into unstable (Mathieu Parent)
[2016-12-29] php-horde-groupware 5.2.17-1 MIGRATED to testing (Debian testing watch)
[2016-12-19] Accepted php-horde-groupware 5.2.17-1 (source all) into unstable (Mathieu Parent)
[2016-10-16] php-horde-groupware 5.2.16-1 MIGRATED to testing (Debian testing watch)
[2016-10-10] Accepted php-horde-groupware 5.2.16-1 (source all) into unstable (Mathieu Parent)
[2016-07-13] php-horde-groupware 5.2.15-1 MIGRATED to testing (Debian testing watch)
[2016-07-07] Accepted php-horde-groupware 5.2.15-1 (source all) into unstable (Mathieu Parent)
[2016-06-15] php-horde-groupware 5.2.14-2 MIGRATED to testing (Debian testing watch)
[2016-06-09] Accepted php-horde-groupware 5.2.14-2 (source all) into unstable (Mathieu Parent)
[2016-04-11] php-horde-groupware 5.2.14-1 MIGRATED to testing (Debian testing watch)
[2016-04-06] Accepted php-horde-groupware 5.2.14-1 (source all) into unstable (Mathieu Parent)

bugs [bug history graph]

all: 4
RC: 4
I&N: 0
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 3)
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
screenshots