Version in base suite: 1.1.9-3
Base version: php-horde-trean_1.1.9-3
Target version: php-horde-trean_1.1.9-3+deb10u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/php-horde-trean/php-horde-trean_1.1.9-3.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/p/php-horde-trean/php-horde-trean_1.1.9-3+deb10u1.dsc
 changelog | 10 ++
 patches/0001-CVE-2020-8865-SECURITY-Fix-Directory-Traversal-Vulerability.patch | 36 ++++++++++
 patches/series | 1
 3 files changed, 47 insertions(+)
diff -Nru php-horde-trean-1.1.9/debian/changelog php-horde-trean-1.1.9/debian/changelog
--- php-horde-trean-1.1.9/debian/changelog	2018-05-15 14:52:05.000000000 +0000
+++ php-horde-trean-1.1.9/debian/changelog	2020-04-11 00:31:30.000000000 +0000
@@ -1,3 +1,13 @@
+php-horde-trean (1.1.9-3+deb10u1) buster; urgency=high
+
+  * Fix CVE-2020-8865:
+    The Horde Application Framework contained a directory traversal
+    vulnerability resulting from insufficient input sanitization. An
+    authenticated remote attacker could use this flaw to execute code in the
+    context of the web server user. (Closes: #955019)
+
+ -- Roberto C. Sanchez Fri, 10 Apr 2020 20:31:30 -0400
+
 php-horde-trean (1.1.9-3) unstable; urgency=medium
 
   * Update Standards-Version to 4.1.4, no change
diff -Nru php-horde-trean-1.1.9/debian/patches/0001-CVE-2020-8865-SECURITY-Fix-Directory-Traversal-Vulerability.patch php-horde-trean-1.1.9/debian/patches/0001-CVE-2020-8865-SECURITY-Fix-Directory-Traversal-Vulerability.patch
--- php-horde-trean-1.1.9/debian/patches/0001-CVE-2020-8865-SECURITY-Fix-Directory-Traversal-Vulerability.patch	1970-01-01 00:00:00.000000000 +0000
+++ php-horde-trean-1.1.9/debian/patches/0001-CVE-2020-8865-SECURITY-Fix-Directory-Traversal-Vulerability.patch	2020-04-11 00:31:30.000000000 +0000
@@ -0,0 +1,36 @@
+From db0714a0c04d87bda9e2852f1b0d259fc281ca75 Mon Sep 17 00:00:00 2001
+From: Michael J Rubinsky
+Date: Sun, 1 Mar 2020 15:00:46 -0500
+Subject: [PATCH] SECURITY: Fix Directory Traversal Vulerability.
+
+---
+ lib/Block/Bookmarks.php   | 2 +-
+ lib/Block/Mostclicked.php | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/trean-1.1.9/lib/Block/Bookmarks.php b/trean-1.1.9/lib/Block/Bookmarks.php
+index 7027bc3..16c7ba2 100644
+--- a/trean-1.1.9/lib/Block/Bookmarks.php
++++ b/trean-1.1.9/lib/Block/Bookmarks.php
+@@ -68,7 +68,7 @@ protected function _title()
+      */
+     protected function _content()
+     {
+-        $template = TREAN_TEMPLATES . '/block/' . $this->_params['template'] . '.inc';
++        $template = TREAN_TEMPLATES . '/block/' . basename($this->_params['template']) . '.inc';
+ 
+         $sortby = 'title';
+         $sortdir = 0;
+diff --git a/trean-1.1.9/lib/Block/Mostclicked.php b/trean-1.1.9/lib/Block/Mostclicked.php
+index ffbc52b..3308110 100644
+--- a/trean-1.1.9/lib/Block/Mostclicked.php
++++ b/trean-1.1.9/lib/Block/Mostclicked.php
+@@ -58,7 +58,7 @@ protected function _title()
+      */
+     protected function _content()
+     {
+-        $template = TREAN_TEMPLATES . '/block/' . $this->_params['template'] . '.inc';
++        $template = TREAN_TEMPLATES . '/block/' . basename($this->_params['template']) . '.inc';
+ 
+         $html = '';
+         $bookmarks = $GLOBALS['trean_gateway']->listBookmarks('clicks', 1, 0, $this->_params['rows']);
diff -Nru php-horde-trean-1.1.9/debian/patches/series php-horde-trean-1.1.9/debian/patches/series
--- php-horde-trean-1.1.9/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ php-horde-trean-1.1.9/debian/patches/series	2020-04-11 00:31:30.000000000 +0000
@@ -0,0 +1 @@
+0001-CVE-2020-8865-SECURITY-Fix-Directory-Traversal-Vulerability.patch
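Review bot: basename() keeps the template parameter from leaving TREAN_TEMPLATES/block/, but the new `$template` line in Bookmarks.php, and the identical one in Mostclicked.php, still accept any name for which a matching `*.inc` exists there, so the fix rests on that directory never containing anything but block templates. Since the changelog describes `_params['template']` as settable by an authenticated user, a tighter fix is to validate the value against the set of known template names before building the path, e.g. `$name = basename($this->_params['template']);` followed by `if (!in_array($name, $allowedTemplates, true)) { $name = 'DEFAULT_TEMPLATE_PLACEHOLDER'; }` where `$allowedTemplates` (constructed name) lists the shipped templates, so an unexpected value falls back instead of being used as a path. If an allowlist is not wanted, at least add a comment on the changed line, `// basename(): template name is caller-supplied; it must never select files outside block/`, so the constraint survives later edits. `_content()` continues past the end of both hunks, so how `$template` is consumed is not visible here.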