| Release | Version |
|---|---|
| jessie | 5.2.1+debian0-2+deb8u3 |
| jessie (security) | 5.2.1+debian0-2+deb8u5 |
| stretch | 5.2.13+debian0-1 |
| buster | 5.2.20+debian0-1 |
| bullseye | 5.2.21+debian0-1 |
| sid | 5.2.21+debian0-1 |
| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2019-12095 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ... |
| CVE-2019-12094 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ... |
| CVE-2017-16907 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ... |
| Bug | Description |
|---|---|
| TEMP-0785364-25992B | XSS in group administration |
| CVE-2016-2228 | Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_me ... |
| CVE-2015-7984 | Multiple cross-site request forgery (CSRF) vulnerabilities in Horde be ... |
| CVE-2013-6365 | Horde Groupware Web mail 5.1.2 has CSRF with requests to change permis ... |
| CVE-2013-6364 | Horde Groupware Webmail Edition has CSRF and XSS when saving search as ... |
| CVE-2013-1090 | The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership fo ... |
| DSA / DLA | Description |
|---|---|
| DLA-2033-1 | php-horde - security update |
| DLA-1535-1 | php-horde - security update |
| DSA-3497-1 | php-horde - security update |
| DSA-3391-1 | php-horde - security update |