Version in base suite: 3.0.4-4sarge6 Version in overlay suite: 3.0.4-4sarge7 Base version: horde3_3.0.4-4sarge6 Target version: horde3_3.0.4-4sarge7 Base file: /org/ftp.debian.org/ftp/pool/main/h/horde3/horde3_3.0.4-4sarge6.dsc Target file: /org/ftp.debian.org/ftp/pool/main/h/horde3/horde3_3.0.4-4sarge7.dsc
diff -u horde3-3.0.4/debian/changelog horde3-3.0.4/debian/changelog
--- horde3-3.0.4/debian/changelog
+++ horde3-3.0.4/debian/changelog
@@ -1,3 +1,10 @@
+horde3 (3.0.4-4sarge7) oldstable-security; urgency=high
+
+ * Fix arbitrary file inclusion through abuse of the theme preference (see
+ CVE-2008-1284 for more informations). (Closes: #470640)
+
+ -- Gregory Colpart (evolix) Sat, 15 Mar 2008 19:17:29 +0100
+
 horde3 (3.0.4-4sarge6) oldstable-security; urgency=high
 * Non-maintainer upload by the security team.
only in patch2: unchanged:
--- horde3-3.0.4.orig/lib/Horde/Registry.php
+++ horde3-3.0.4/lib/Horde/Registry.php
@@ -938,7 +938,9 @@
 /* Figure out if this is going to be overridden by any theme
 * settings. */
 if (isset($GLOBALS['prefs']) && ($theme = $GLOBALS['prefs']->getValue('theme')) &&
- (@include $this->get('themesfs', 'horde') . '/' . $theme . '/info.php') &&
+ // backport security patch from Horde 3.1.7 for sarge
+ //(@include $this->get('themesfs', 'horde') . '/' . $theme . '/info.php') &&
+ (@include $this->get('themesfs', 'horde') . '/' . basename($theme) . '/info.php') &&
 isset($theme_icons) && in_array($app, $theme_icons)) {
 $img_dir[$app] = $this->get('themesuri', $app) . '/' . $theme . '/graphics';
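Review bot: The `$img_dir[$app]` assignment on the last line of the hunk still concatenates the raw `$theme` preference into the `themesuri` path, while the include above it now uses `basename($theme)`, so the directory whose `info.php` was loaded and the directory the graphics URI points at can differ whenever the preference contains a slash. Sanitising once where the value is read keeps the two in step and also covers any later use of `$theme` in this method: `($theme = basename($GLOBALS['prefs']->getValue('theme'))) && $theme !== '.' && $theme !== '..' &&`, with the include then using `$theme` directly. The `.`/`..` checks matter because `basename('..')` returns `'..'`, so on its own `basename()` still lets a preference of `..` resolve `info.php` one level above the themes directory; whether the upstream 3.1.7 patch being backported does more than this is not visible here. The commented-out copy of the old include line should be dropped rather than left beside the new one, since the changelog entry already records the change. The enclosing method begins and ends outside the hunk, so other consumers of `$theme` could not be checked.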