Candidate: CVE-2019-19907
PublicDate: 2019-12-19 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19907
 https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff
 https://stash.kopano.io/projects/KC/repos/kopanocore/browse/RELNOTES.txt
Description:
 HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core
 before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of
 an array copy during parsing of ICal data.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_kopanocore:
upstream_kopanocore: released (8.7.0-6)
precise/esm_kopanocore: DNE
trusty_kopanocore: ignored (out of standard support)
trusty/esm_kopanocore: DNE
xenial_kopanocore: DNE
bionic_kopanocore: needed
disco_kopanocore: ignored (reached end-of-life)
eoan_kopanocore: ignored (reached end-of-life)
focal_kopanocore: not-affected (8.7.0-6ubuntu1)
groovy_kopanocore: not-affected (8.7.0-6ubuntu1)
hirsute_kopanocore: not-affected (8.7.0-6ubuntu1)
impish_kopanocore: not-affected (8.7.0-6ubuntu1)
jammy_kopanocore: not-affected (8.7.0-6ubuntu1)
devel_kopanocore: not-affected (8.7.0-6ubuntu1)