Accepted php-horde-image 2.3.6-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 23 Jun 2018 11:09:57 +0100
Source: php-horde-image
Binary: php-horde-image
Architecture: source all
Version: 2.3.6-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Horde Maintainers <pkg-horde-hackers@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
php-horde-image - ${phppear:summary}
Closes: 865504 865505 876400
Changes:
php-horde-image (2.3.6-1+deb9u1) stretch-security; urgency=high
.
* CVE-2017-9773: Prevent a denial of service attack by ensuring an infinite
  loop cannot be triggered by a malicious request. (Closes: #865504)
* CVE-2017-9774: Prevent a remote code execution vulnerability (RCE) that was
  exploitable by a logged-in user sending a maliciously crafted HTTP GET
  request to the image backends. Note that the fix applied upstream has a
  regression in that it ignores the "force aspect ratio" option; see
  <https://github.com/horde/Image/pull/1>. This has been remedied in this
  fix. (Closes: #865505)
* CVE-2017-14650: Prevent another RCE that was exploitable by a logged-in
  user sending a maliciously crafted GET request specifically to the "im"
  image backend. (Closes: #876400)
Checksums-Sha1:
47d78aaa68d3afd9fc0deb5c4c12419d1eeec577 2112 php-horde-image_2.3.6-1+deb9u1.dsc
3c2e1237dc532c1e40cf46d7bc59cd75d5794a3f 769650 php-horde-image_2.3.6.orig.tar.gz
7f35c6186f0e8c24c87374427c06cd9a74c56631 4816 php-horde-image_2.3.6-1+deb9u1.debian.tar.xz
967e0e206efe2b61cea3064fd29306405567fa26 165020 php-horde-image_2.3.6-1+deb9u1_all.deb
95df2167f336e96b8218cb2f132ab205d9044116 6343 php-horde-image_2.3.6-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
fedd93b4e0580e98abc1fa9343d06c8dc29c7a8b93e8478b17424b3d9047196b 2112 php-horde-image_2.3.6-1+deb9u1.dsc
d5c8953df1a7d4bef9fa65e33f4e6945c554eaa261a4233fab08593de5f82b60 769650 php-horde-image_2.3.6.orig.tar.gz
a5eba44a63a43b178a1df042e9e6e27fa5d0ddbfbd7599a4adae1ddeaf40ce57 4816 php-horde-image_2.3.6-1+deb9u1.debian.tar.xz
da869c96cd620231c697a9b02584efea9f01a37d134fc8e2309978a1b8fc256d 165020 php-horde-image_2.3.6-1+deb9u1_all.deb
07c7575bc25b2779acfb624828bc59081a88dbd011bf49f555e6797600343c30 6343 php-horde-image_2.3.6-1+deb9u1_amd64.buildinfo
Files:
38e2ebfcc1c58e581c31a81e6a5dcb17 2112 php extra php-horde-image_2.3.6-1+deb9u1.dsc
3314aa612d97ee9c92ec47652601bba0 769650 php extra php-horde-image_2.3.6.orig.tar.gz
ab94d6f57be315863bd3a9ee8944e290 4816 php extra php-horde-image_2.3.6-1+deb9u1.debian.tar.xz
ac03f6dd0d26d05d93c12831bf95aece 165020 php extra php-horde-image_2.3.6-1+deb9u1_all.deb
e4b9f653e06e706d60e8b86749900a55 6343 php extra php-horde-image_2.3.6-1+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----