
Bug#861715: unblock: php-horde-crypt/2.7.5-2



2017-05-07 22:47 GMT+02:00 Niels Thykier <niels@thykier.net>:
> Control: tags -1 moreinfo
>
> Mathieu Parent:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian.org@packages.debian.org
>> Usertags: unblock
>>
>> Please unblock package php-horde-crypt
>>
>> This fixes a security issue:
>>
>>   * Escape user provided recipients and charset data. Fixes CVE-2017-7413 and
>>     CVE-2017-7414 (Closes: #859635)
>>
>> (debdiff attached)
>>
>> Note that the package doesn't work correctly in stretch, because it is not
>> compatible with gpg v2 (#849151 and #854819). I plan to fix this later, but
>> maybe in a point-release. Today, I want to prevent IMP (php-horde-imp) from
>> being removed from testing.
>>
>> unblock php-horde-crypt/2.7.5-2
>>
>> Thanks!
>>
>> [...]
>
> Sorry, but I think I am missing context here.  How functional is
> php-horde-crypt in stretch right now?  If lack of gpg v2 support causes
> a major loss of functionality then #849151 and #854819 should be RC and
> handled accordingly.

It is non-functional, but IMP is functional and it depends on it.

Alternatively, I can remove this dependency, but I have not tested it.

Regards

-- 
Mathieu Parent

