[pkg-horde] Bug#803641: Bug#803641: Bug#803641: php-horde: Multiple CSRF Vulnerabilities

Mathieu Parent math.parent at gmail.com
Mon Nov 2 07:11:54 UTC 2015

2015-11-02 7:52 GMT+01:00 Mathieu Parent <math.parent at gmail.com>:
> Control: severity -1 important
> Control: tag -1 + confirmed upstream security patch jessie fixed-upstream fixed
> Control: fixed -1 5.2.8+debian0-1
> 2015-11-01 12:37 GMT+01:00 Philip Frei <pjf at gmx.de>:
>> Package: php-horde
>> Version: 5.2.1+debian0-2+deb8u1
>> Severity: normal
>> Dear Maintainer,
>> there are some multiple CSRF vulnerabilities in Horde that were recently
>> discovered[1].
>> The new version (5.2.8) in testing/unstable fixes this problem. But the
>> problem still exists for stable's version.
>> I would be nice to have a fixed version in stable too.
> This seems to be:
> https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae
> I will prepare an upload for next jessie point-release, unless you
> think it should go to the security mirors sooner.

I have prepared the upload to jessie-security:

To the security team: Can/Should I upload it?

Note that the Horde team doesn't provide CVEs, I've asked for it at:


More information about the pkg-horde-hackers mailing list