[SECURITY] [DLA 2125-1] collabtive security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2125-1] collabtive security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Fri, 28 Feb 2020 23:26:54 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.2002282325310.6110@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : collabtive
Version        : 2.0+dfsg-5+deb8u1
CVE ID         : CVE-2015-0258

An issue has been found in collabtive, a web-based project managementsoftware. Due to missing checks an attacker could upload scripts, which

would execute code on the server by accessing for example avatar images.


For Debian 8 "Jessie", this problem has been fixed in version
2.0+dfsg-5+deb8u1.

We recommend that you upgrade your collabtive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl5Zk65fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEefzxAAiBFzuD0Qm9qNmE1x+lfyVDe12M847akKIUSwhTDS43lYWzFyUbAvVcO8
BX5Y651yamGPuloI6i9/GhJtW2DO7sEwl2CKeVrjF1gb2y3ja/Gb0L7WLKsI9Buf
rM5p4qbhQi4yPWkhfvmMXrZHOJGkshNAV0zr+yHroMUZYCrDAcw+Uf+szb4qfr/C
QB56FqMBQLkp419RaKvBfBqpDEd5nwxBMtQtgHk1qxxJbcG7rM/ehoCCMIszg3VO
yDhbm4TT7SruB0h/EN3+58iSt24+2XtTKzOxepkWgHEWDns+7K5nQKHZxQzAwv94
T+4n2qNsKjJFLxFACt4qBFyJkLe+R2S3i0LuArXUVG8wHi0+EWVsp/vGzhE0PHq8
cjzs6NFfLHK3Gw1ITof8J/upGTdC9kwfdopnW00WozwYAg7wZUqpfOdinR88mXc9
Zys+ZTPEOUvCvgM7vr6PGUQu/GIZeAvRSUKCEOq62BL2YsuzZzY+0exFb7pKHbL+
w5imH5atQoNQyIctjjeuXgT+b4Tyi1Ao0Z17xHxt8DIE9BZ/XrvULS7dLA2Vdfxn
UK29Tpv5Xk9lNKWelay9yRvVzrAlbkXuz6gWNq2qWv4wrZ8hbiS6pUYGPhEFqPU7
HoQJ7/4zmP8BmKL1I++93RB/+XRHnSJ3BvRPwtBrWcW6NLrHq8k=
=2RvP
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2124-1] php5 security update
Next by Date: [SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update
Previous by thread: [SECURITY] [DLA 2124-1] php5 security update
Next by thread: [SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update
Index(es):
- Date
- Thread