php-horde-image (2.3.6-1+deb9u1) stretch-security; urgency=high

  * CVE-2017-9773: Prevent a denial of service attack by ensuring an infinite
    loop cannot be triggered by a malicious request. (Closes: #865504)
  * CVE-2017-9774: Prevent a remote code execution vulnerability (RCE) that was
    exploitable by a logged-in user sending a maliciously crafted HTTP GET
    request to the image backends. Note that the fix applied upstream has a
    regression in that it ignores the "force aspect ratio" option; see
    <https://github.com/horde/Image/pull/1>. This has been remedied in this
    fix. (Closes: #865505)
  * CVE-2017-14650: Prevent another RCE that was exploitable by a logged-in
    user sending a maliciously crafted GET request specifically to the "im"
    image backend. (Closes: #876400)

 -- Chris Lamb <lamby@debian.org>  Sat, 23 Jun 2018 11:09:57 +0100

php-horde-image (2.3.6-1) unstable; urgency=medium

  * New upstream version 2.3.6

 -- Mathieu Parent <sathieu@debian.org>  Fri, 09 Sep 2016 14:58:40 +0200

php-horde-image (2.3.5-2) unstable; urgency=medium

  * Update Standards-Version to 3.9.8, no change
  * Updated d/watch to use https

 -- Mathieu Parent <sathieu@debian.org>  Wed, 08 Jun 2016 07:51:06 +0200

php-horde-image (2.3.5-1) unstable; urgency=medium

  * New upstream version 2.3.5

 -- Mathieu Parent <sathieu@debian.org>  Sat, 26 Mar 2016 11:45:32 +0100

php-horde-image (2.3.4-2) unstable; urgency=medium

  * Update Standards-Version to 3.9.7, no change
  * Use secure Vcs-* fields
  * Rebuild with newer pkg-php-tools for the PHP 7 transition
  * Replace php5-* by php-* in d/tests/control

 -- Mathieu Parent <sathieu@debian.org>  Sun, 13 Mar 2016 16:06:48 +0100

php-horde-image (2.3.4-1) unstable; urgency=medium

  * New upstream version 2.3.4

 -- Mathieu Parent <sathieu@debian.org>  Wed, 03 Feb 2016 22:57:29 +0100

php-horde-image (2.3.3-2) unstable; urgency=medium

  * Upgaded to debhelper compat 9
  * copyright: Fix wildcard-matches-nothing-in-dep5-copyright

 -- Mathieu Parent <sathieu@debian.org>  Fri, 23 Oct 2015 07:03:38 +0200

php-horde-image (2.3.3-1) unstable; urgency=medium

  * New upstream version 2.3.3

 -- Mathieu Parent <sathieu@debian.org>  Thu, 17 Sep 2015 04:22:19 +0200

php-horde-image (2.3.2-1) unstable; urgency=medium

  * Remove XS-Testsuite header in d/control
  * Update gbp.conf
  * New upstream version 2.3.2

 -- Mathieu Parent <sathieu@debian.org>  Mon, 10 Aug 2015 00:30:46 +0200

php-horde-image (2.3.1-1) unstable; urgency=medium

  * Update Standards-Version to 3.9.6, no change
  * New upstream version 2.3.1

 -- Mathieu Parent <sathieu@debian.org>  Mon, 04 May 2015 21:40:32 +0200

php-horde-image (2.1.0-4) unstable; urgency=medium

  * Fixed DEP-8 tests, by removing "set -x"

 -- Mathieu Parent <sathieu@debian.org>  Sat, 11 Oct 2014 14:11:10 +0200

php-horde-image (2.1.0-3) unstable; urgency=medium

  * Fixed DEP-8 tests

 -- Mathieu Parent <sathieu@debian.org>  Sat, 13 Sep 2014 14:44:55 +0200

php-horde-image (2.1.0-2) unstable; urgency=medium

  * Update Standards-Version, no change
  * Update Vcs-Browser to use cgit instead of gitweb
  * Add dep-8 (automatic as-installed package testing)

 -- Mathieu Parent <sathieu@debian.org>  Tue, 26 Aug 2014 22:29:47 +0200

php-horde-image (2.1.0-1) unstable; urgency=medium

  * New upstream version 2.1.0

 -- Mathieu Parent <sathieu@debian.org>  Thu, 19 Jun 2014 22:50:42 +0200

php-horde-image (2.0.9-1) unstable; urgency=medium

  * New upstream version 2.0.9

 -- Mathieu Parent <sathieu@debian.org>  Sun, 15 Jun 2014 21:31:04 +0200

php-horde-image (2.0.8-1) unstable; urgency=medium

  * New upstream version 2.0.8

 -- Mathieu Parent <sathieu@debian.org>  Wed, 04 Jun 2014 23:00:58 +0200

php-horde-image (2.0.7-1) unstable; urgency=medium

  * New upstream version 2.0.7

 -- Mathieu Parent <sathieu@debian.org>  Sun, 13 Apr 2014 09:31:47 +0200

php-horde-image (2.0.5-1) unstable; urgency=low

  * New upstream version 2.0.5

 -- Mathieu Parent <sathieu@debian.org>  Sun, 11 Aug 2013 12:52:56 +0200

php-horde-image (2.0.4-2) unstable; urgency=low

  * Use pristine-tar

 -- Mathieu Parent <sathieu@debian.org>  Thu, 06 Jun 2013 09:21:28 +0200

php-horde-image (2.0.4-1) unstable; urgency=low

  * New upstream version 2.0.4

 -- Mathieu Parent <sathieu@debian.org>  Sun, 07 Apr 2013 15:56:14 +0200

php-horde-image (2.0.2-1) unstable; urgency=low

  * New upstream version 2.0.2

 -- Mathieu Parent <sathieu@debian.org>  Thu, 10 Jan 2013 20:15:37 +0100

php-horde-image (2.0.1-2) unstable; urgency=low

  * Add a description of Horde in long description
  * Updated Standards-Version to 3.9.4, no changes
  * Replace horde4 by PEAR in git reporitory path
  * Fix Horde Homepage
  * Remove debian/pearrc, not needed with latest php-horde-role

 -- Mathieu Parent <sathieu@debian.org>  Wed, 09 Jan 2013 20:27:35 +0100

php-horde-image (2.0.1-1) unstable; urgency=low

  * New upstream version 2.0.1
  * Fixed watchfile
  * Updated Standards-Version to 3.9.3: no change
  * Updated copyright format URL
  * Updated debian/pearrc to install Horde apps in /usr/share/horde
    instead of /usr/share/horde4
  * Updated Vcs-* fields

 -- Mathieu Parent <sathieu@debian.org>  Sat, 01 Dec 2012 11:18:31 +0100

php-horde-image (1.0.9-1) unstable; urgency=low

  * Horde_Image package
  * Initial packaging (Closes: #657361)
  * Copyright file by Soren Stoutner and Jay Barksdale

 -- Mathieu Parent <sathieu@debian.org>  Sun, 12 Feb 2012 14:59:01 +0100