ELA-365-1 php-horde-text-filter security update

cross-site scripting

2021-02-18
Packagephp-horde-text-filter
Version2.2.1-5+deb8u1
Related CVEs CVE-2016-5303 CVE-2021-26929

Alex Birnberg discovered a cross-site scripting (XSS) vulnerability in the Horde Application Framework, more precisely its Text Filter API. An attacker could take control of a user’s mailbox by sending a crafted e-mail. This update also fixes a separate minor XSS vulnerability discovered by Liuzhu.

For Debian 8 jessie, these problems have been fixed in version 2.2.1-5+deb8u1.

We recommend that you upgrade your php-horde-text-filter packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/