[Bug 267049] mail/horde-imp: address ZDI-20-1051 / ZDI-CAN-10436

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 14 Oct 2022 11:30:53 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267049

            Bug ID: 267049
           Summary: mail/horde-imp: address ZDI-20-1051 / ZDI-CAN-10436
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: horde@FreeBSD.org
          Reporter: thierry@FreeBSD.org
          Assignee: horde@FreeBSD.org
             Flags: maintainer-feedback?(horde@FreeBSD.org)

Created attachment 237299
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=237299&action=edit
Address ZDI-20-1051 / ZDI-CAN-10436.

Address ZDI-20-1051 / ZDI-CAN-10436: Prevent deserializing a class.

This seems related to CVE-2022-30287.

See <https://www.zerodayinitiative.com/advisories/ZDI-20-1051/>.

Patche from <https://github.com/horde/imp/pull/10/files>.

-- 
You are receiving this mail because:
You are the assignee for the bug.