[commits] imp branch master updated. 5f9aef5b2d3980f9633bee49c32e7a25864478d1
Michael J. Rubinsky
mrubinsk at horde.org
Sat Oct 22 20:38:56 UTC 2022
The branch "master" has been updated.
The following is a summary of the commits.
from: 8d19f07d87a6320df5de6b293ec05a49502005ff
a526249 Address ZDI-20-1051 / ZDI-CAN-10436: Prevent deserializing a class.
5f9aef5 Merge pull request #10 from maintaina-com/fix-upstream-ZDI-20-1051
Summary: https://github.com/horde/imp/compare/8d19f07d87a6...5f9aef5b2d39
-----------------------------------------------------------------------
commit a5262497903617af126fb529ac0bd2770f610b8d
Author: Ralf Lang <ralf.lang at ralf-lang.de>
Date: Wed, 12 Oct 2022 18:06:43 +0200
Address ZDI-20-1051 / ZDI-CAN-10436: Prevent deserializing a class.
Also guard against some other possibly unwanted deserialisations.
It is debatable if this constitutes an actual attack vector before the change.
However, the change rules out any such possibility.
M lib/Prefs/Sort.php
https://github.com/horde/imp/commit/a5262497903617af126fb529ac0bd2770f610b8d
-----------------------------------------------------------------------
commit 5f9aef5b2d3980f9633bee49c32e7a25864478d1
Author: Michael J Rubinsky <mrubinsk at horde.org>
Date: Sat, 22 Oct 2022 16:38:54 -0400
Merge pull request #10 from maintaina-com/fix-upstream-ZDI-20-1051
Address ZDI-20-1051 / ZDI-CAN-10436: Prevent deserializing a class.
M lib/Prefs/Sort.php
https://github.com/horde/imp/commit/5f9aef5b2d3980f9633bee49c32e7a25864478d1