CVE-2019-16774

NameCVE-2019-16774
DescriptionIn phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kopano-webapp-plugin-files (PTS)buster2.1.5+dfsg1-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kopano-webapp-plugin-filessource(unstable)2.1.5+dfsg1-2unimportant

Notes

https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-484f-743f-6jx2
https://github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4 (5.0.13)
https://github.com/PHPSocialNetwork/phpfastcache/commit/82a84adff6e8fc9b564c616d0fdc9238ae2e86c3 (4.3.18)
Affected phpfastcache code is not used in kopano-webapp-plugin-files.
Search for package or bug name: Reporting problems