I've been trying to figure out if this issue affects stable. The issues point to this openwall post: http://www.openwall.com/lists/oss-security/2012/01/22/2
which has actual git commits for things. CVE-2012-0791 has a simple changeset: https://github.com/horde/horde/commit/208eae43c95136a67104f760027a8892a22b6e25 it touches two files: framework/Form/lib/Horde/Form/Type.php framework/Form/package.xml neither of these files is in horde3 or imp4 that is in Squeeze. For the other issue CVE-2012-0909, that seems to affect Squeeze's IMP, and a changeset between version 4.3.10 and 4.3.11 was published here: http://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.3.10-h3-4.3.11.gz Squeeze has 4.3.7 - I've looked at the changeset above with a co-worker and it does not look too hard to port to the debian version. We'll do so in the next couple of days if nobody else does first. micah --
pgpgDDdP8MDbA.pgp
Description: PGP signature
