Bug#861715: unblock: php-horde-crypt/2.7.5-2
Control: tags -1 moreinfo
Mathieu Parent:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Please unblock package php-horde-crypt
>
> This fixes a security issue:
>
> * Escape user provided recipients and charset data. Fixes CVE-2017-7413 and
> CVE-2017-7414 (Closes: #859635)
>
> (debdiff attached)
>
> Note that the package doesn't work correctly in stretch, because it is not
> compatible with gpg v2 (#849151 and #854819). I plan to fix this later, but
> maybe in a point-release. Today, I want to prevent IMP (php-horde-imp) from
> being removed from testing.
>
> unblock php-horde-crypt/2.7.5-2
>
> Thanks!
>
> [...]
Sorry, but I think I am missing context here. How functional is
php-horde-crypt in stretch right now? If lack of gpg v2 support causes
a major loss of functionality then #849151 and #854819 should be RC and
handled accordingly.
Thanks,
~Niels
Reply to: