Candidate: CVE-2017-7413
PublicDate: 2017-04-04 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7413
 https://lists.horde.org/archives/horde/Week-of-Mon-20170403/056767.html
Description:
 In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition
 through 5.2.17, OS Command Injection can occur if the attacker is an
 authenticated Horde Webmail user, has PGP features enabled in their
 preferences, and attempts to encrypt an email addressed to a maliciously
 crafted email address.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859635
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_php-horde-crypt:
upstream_php-horde-crypt: released (2.7.5-2)
precise_php-horde-crypt: DNE
precise/esm_php-horde-crypt: DNE
trusty_php-horde-crypt: ignored (reached end-of-life)
trusty/esm_php-horde-crypt: DNE (trusty was needed)
vivid/stable-phone-overlay_php-horde-crypt: DNE
vivid/ubuntu-core_php-horde-crypt: DNE
xenial_php-horde-crypt: ignored (end of standard support, was needed)
yakkety_php-horde-crypt: ignored (reached end-of-life)
zesty_php-horde-crypt: ignored (reached end-of-life)
artful_php-horde-crypt: ignored (reached end-of-life)
bionic_php-horde-crypt: not-affected (2.7.11-1ubuntu1)
cosmic_php-horde-crypt: not-affected (2.7.11-1ubuntu1)
disco_php-horde-crypt: not-affected (2.7.11-1ubuntu1)
eoan_php-horde-crypt: not-affected (2.7.11-1ubuntu1)
focal_php-horde-crypt: DNE
groovy_php-horde-crypt: DNE
hirsute_php-horde-crypt: DNE
impish_php-horde-crypt: DNE
jammy_php-horde-crypt: DNE
devel_php-horde-crypt: DNE