| Release | Version |
|---|---|
| jessie | 5.2.1+debian0-2+deb8u3 |
| jessie (security) | 5.2.1+debian0-2+deb8u4 |
| stretch | 5.2.13+debian0-1 |
| buster | 5.2.20+debian0-1 |
| bullseye | 5.2.20+debian0-1 |
| sid | 5.2.20+debian0-1 |
| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2017-16907 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ... |
| Bug | Description |
|---|---|
| TEMP-0785364-25992B | XSS in group administration |
| CVE-2016-2228 | Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_me ... |
| CVE-2015-7984 | Multiple cross-site request forgery (CSRF) vulnerabilities in Horde be ... |
| CVE-2013-6365 | CSRF edit.php |
| CVE-2013-6364 | XSS and CSRF search.php |
| CVE-2013-1090 | The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership fo ... |
| DSA / DLA | Description |
|---|---|
| DLA-1535-1 | php-horde - security update |
| DSA-3497-1 | php-horde - security update |
| DSA-3391-1 | php-horde - security update |