2017-05-07 22:47 GMT+02:00 Niels Thykier <ni...@thykier.net>: > Control: tags -1 moreinfo > > Mathieu Parent: >> Package: release.debian.org >> Severity: normal >> User: release.debian....@packages.debian.org >> Usertags: unblock >> >> Please unblock package php-horde-crypt >> >> This fixes a security issue: >> >> * Escape user provided recipients and charset data. Fixes CVE-2017-7413 and >> CVE-2017-7414 (Closes: #859635) >> >> (debdiff attached) >> >> Note that the package doesn't work correctly in stretch, because it is not >> compatible with gpg v2 (#849151 and #854819). I plan to fix this later, but >> maybe in a point-release. Today, I want to prevent IMP (php-horde-imp) from >> being removed from testing. >> >> unblock php-horde-crypt/2.7.5-2 >> >> Thanks! >> >> [...] > > Sorry, but I think I am missing context here. How functional is > php-horde-crypt in stretch right now? If lack of gpg v2 support causes > a major loss of functionality then #849151 and #854819 should be RC and > handled accordingly.
It is non-functionnal, but IMP is functionnal and it depends on it. Alternatively, I can remove this dependency, but I have not tested it. Regards -- Mathieu Parent