-------------------------------------------------------------------------
Debian LTS Advisory DLA-4113-1                           [email protected]
https://www.debian.org/lts/security/                      Sylvain Beucler
April 03, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : php-horde-imp
Version        : 6.2.27-2+deb11u1
CVE ID         : CVE-2025-30349
Debian Bug     : 1042715

An XSS vulnerability was discovered in Horde IMP, the webmail component
of the Horde groupware platform. An attacker could hijack a user session
by sending a crafted e-mail to an IMP user.

Additionally, adjustments were made to handle the move to CKEditor v4
(see DLA-4112-1).

For Debian 11 bullseye, this problem has been fixed in version
6.2.27-2+deb11u1.

We recommend that you upgrade your php-horde-imp packages.

For the detailed security status of php-horde-imp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-horde-imp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
