Tickets :: [#15114] Virtual Addressbook broken by CVE-2022-30287

6.0.0-alpha12

6/8/25

Summary	Virtual Addressbook broken by CVE-2022-30287
Queue	Turba
Queue Version	4.2.28
Type	Bug
State	Resolved
Priority	3. High
Owners	mrubinsk (at) horde (dot) org
Requester	admin (at) layertec (dot) de
Created	06/16/2022 (1088 days ago)
Due
Updated	06/18/2022 (1086 days ago)
Assigned
Resolved	06/18/2022 (1086 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

06/18/2022 09:56:16 PM	Michael Rubinsky	Comment #4 Assigned to Michael Rubinsky State ⇒ Resolved	Reply to this comment
4.2.29

06/18/2022 09:24:49 PM	Git Commit	Comment #3	Reply to this comment
Changes have been made in Git (FRAMEWORK_5_2): commit 4adb2b662887d87b98c0ea28c8033957d3cd6d56 Author: Michael J Rubinsky <mrubinsk@horde.org> Date: Sat, 18 Jun 2022 17:24:45 -0400 ~~Bug: 15114~~ Fix regression is accessing virtual address books. M lib/Factory/Driver.php https://github.com/horde/turba/commit/4adb2b662887d87b98c0ea28c8033957d3cd6d56

06/18/2022 09:24:18 PM	Git Commit	Comment #2	Reply to this comment
Changes have been made in Git (master): commit e26552a64f46baffc799c5a04af6e89301a14618 Author: Michael J Rubinsky <mrubinsk@horde.org> Date: Sat, 18 Jun 2022 17:23:23 -0400 ~~Bug: 15114~~ Fix regression is accessing virtual address books. M lib/Factory/Driver.php https://github.com/horde/turba/commit/e26552a64f46baffc799c5a04af6e89301a14618

06/16/2022 07:24:45 AM	admin (at) layertec (dot) de	Comment #1 Priority ⇒ 3. High Patch ⇒ No Milestone ⇒ Queue ⇒ Turba Summary ⇒ Virtual Addressbook broken by CVE-2022-30287 Type ⇒ Bug State ⇒ Unconfirmed	Reply to this comment
The security fix CVE-2022-30287 broke functionality for users with virtual address books. See also: https://github.com/horde/turba/pull/10 Please provide a fix for turba 4.2.29.