On Mon, 2 Nov 2015 08:11:54 +0100 Mathieu Parent <math.par...@gmail.com> wrote:
> Note that the Horde team doesn't provide CVEs, I've asked for it at: > http://lists.horde.org/archives/dev/Week-of-Mon-20141201/028821.html This[1] is how the Horde team handles security bugs in the changelog: "For security issues, we don't make it obvious that it's a security issue being fixed when committing since this is publicly view-able before the release goes out, which leaves existing installations more vulnerable. If there is an available CVE number, we do post that in the CHANGES file though." [1] http://lists.horde.org/archives/horde/Week-of-Mon-20151102/054962.html regard, Philip
