Control: tags -1 moreinfo Mathieu Parent: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Please unblock package php-horde-crypt > > This fixes a security issue: > > * Escape user provided recipients and charset data. Fixes CVE-2017-7413 and > CVE-2017-7414 (Closes: #859635) > > (debdiff attached) > > Note that the package doesn't work correctly in stretch, because it is not > compatible with gpg v2 (#849151 and #854819). I plan to fix this later, but > maybe in a point-release. Today, I want to prevent IMP (php-horde-imp) from > being removed from testing. > > unblock php-horde-crypt/2.7.5-2 > > Thanks! > > [...]
Sorry, but I think I am missing context here. How functional is php-horde-crypt in stretch right now? If lack of gpg v2 support causes a major loss of functionality then #849151 and #854819 should be RC and handled accordingly. Thanks, ~Niels
