[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#861715: unblock: php-horde-crypt/2.7.5-2

Control: tags -1 moreinfo

Mathieu Parent:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package php-horde-crypt
> 
> This fixes a security issue:
> 
>   * Escape user provided recipients and charset data. Fixes CVE-2017-7413 and
>     CVE-2017-7414 (Closes: #859635)
> 
> (debdiff attached)
> 
> Note that the package doesn't work correctly in stretch, because it is not
> compatible with gpg v2 (#849151 and #854819). I plan to fix this later, but
> maybe in a point-release. Today, I want to prevent IMP (php-horde-imp) from
> being removed from testing.
> 
> unblock php-horde-crypt/2.7.5-2
> 
> Thanks!
> 
> [...]

Sorry, but I think I am missing context here.  How functional is
php-horde-crypt in stretch right now?  If lack of gpg v2 support causes
a major loss of functionality then #849151 and #854819 should be RC and
handled accordingly.

Thanks,
~Niels
Reply to: