Date: Fri, 14 Oct 2022 11:30:53 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 267049] mail/horde-imp: address ZDI-20-1051 / ZDI-CAN-10436 Message-ID: <bug-267049-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D267049 Bug ID: 267049 Summary: mail/horde-imp: address ZDI-20-1051 / ZDI-CAN-10436 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: horde@FreeBSD.org Reporter: thierry@FreeBSD.org Assignee: horde@FreeBSD.org Flags: maintainer-feedback?(horde@FreeBSD.org) Created attachment 237299 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D237299&action= =3Dedit Address ZDI-20-1051 / ZDI-CAN-10436. Address ZDI-20-1051 / ZDI-CAN-10436: Prevent deserializing a class. This seems related to CVE-2022-30287. See <https://www.zerodayinitiative.com/advisories/ZDI-20-1051/>. Patche from <https://github.com/horde/imp/pull/10/files>. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-267049-7788>