Control: severity -1 important Control: tag -1 + confirmed upstream security patch jessie fixed-upstream fixed Control: fixed -1 5.2.8+debian0-1
2015-11-01 12:37 GMT+01:00 Philip Frei <p...@gmx.de>: > Package: php-horde > Version: 5.2.1+debian0-2+deb8u1 > Severity: normal > > Dear Maintainer, > > there are some multiple CSRF vulnerabilities in Horde that were recently > discovered[1]. > The new version (5.2.8) in testing/unstable fixes this problem. But the > problem still exists for stable's version. > I would be nice to have a fixed version in stable too. This seems to be: https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae I will prepare an upload for next jessie point-release, unless you think it should go to the security mirors sooner. Regards -- Mathieu