2015-11-02 7:52 GMT+01:00 Mathieu Parent <math.par...@gmail.com>: > Control: severity -1 important > Control: tag -1 + confirmed upstream security patch jessie fixed-upstream > fixed > Control: fixed -1 5.2.8+debian0-1 > > > 2015-11-01 12:37 GMT+01:00 Philip Frei <p...@gmx.de>: >> Package: php-horde >> Version: 5.2.1+debian0-2+deb8u1 >> Severity: normal >> >> Dear Maintainer, >> >> there are some multiple CSRF vulnerabilities in Horde that were recently >> discovered[1]. >> The new version (5.2.8) in testing/unstable fixes this problem. But the >> problem still exists for stable's version. >> I would be nice to have a fixed version in stable too. > > This seems to be: > https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae > > I will prepare an upload for next jessie point-release, unless you > think it should go to the security mirors sooner.
I have prepared the upload to jessie-security: http://anonscm.debian.org/cgit/pkg-horde/PEAR/php-horde.git/commit/?h=debian/jessie&id=47c6d6e6ad0836d657eee75e36ef8dbd19c843d2 To the security team: Can/Should I upload it? Note that the Horde team doesn't provide CVEs, I've asked for it at: http://lists.horde.org/archives/dev/Week-of-Mon-20141201/028821.html Regards -- Mathieu