diff -u horde3-3.1.3/debian/changelog horde3-3.1.3/debian/changelog
--- horde3-3.1.3/debian/changelog
+++ horde3-3.1.3/debian/changelog
@@ -1,3 +1,22 @@
+horde3 (3.1.3-4ubuntu0.1) feisty-security; urgency=low
+
+  * SECURITY UPDATE: (LP: #203456)
+    + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
+      and Groupware Webmail Edition before 1.0.6, when running with certain
+      configurations, allows remote authenticated users to read and execute arbitrary
+      files via ".." sequences and a null byte in the theme name.
+    Fix directory traversal vulnerability in Registry.php which allows
+    an attacker to read and execute arbitrary local files via crafted
+    path sequences.
+
+  * References
+    + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
+    + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
+    + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
+    + http://www.debian.org/security/2008/dsa-1519
+
+ -- Emanuele Gentili Thu, 27 Mar 2008 14:57:51 +0100
+
 horde3 (3.1.3-4) unstable; urgency=high
 
   * Correction for arbitrary file deletion vulnerability, only in patch2:
unchanged:
--- horde3-3.1.3.orig/lib/Horde/Registry.php
+++ horde3-3.1.3/lib/Horde/Registry.php
@@ -1054,7 +1054,7 @@
         if (isset($GLOBALS['prefs']) &&
             ($theme = $GLOBALS['prefs']->getValue('theme')) &&
             (isset($theme_icons) ||
-             ((@include $this->get('themesfs', 'horde') . '/' . $theme . '/info.php') &&
+             ((@include $this->get('themesfs', 'horde') . '/' . basename($theme) . '/info.php') &&
              isset($theme_icons))) &&
             in_array($app, $theme_icons)) {
             $img_dir[$app] = $this->get('themesuri', $app) . '/' . $theme . '/graphics';
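Review bot: The sanitised name is used only on the `+` line's include, while the last context line still builds `$img_dir[$app]` from the raw `$theme`, so a preference containing `..` or a null byte (exactly the inputs the changelog describes) still flows into the generated themes URI, and the directory the icons are loaded from can now differ from the one whose `info.php` was checked; whether that URI is later HTML-escaped is not visible in this hunk. Sanitise once at the assignment so both uses agree, `($theme = basename($GLOBALS['prefs']->getValue('theme'))) &&`, or better, reject anything outside an allow-list before the include, e.g. `preg_match('/^[A-Za-z0-9_-]+$/', $theme)`. Note that `basename()` strips directory components but not an embedded NUL, so on PHP versions that truncate paths at NUL (the versions this 2008 update targets) the remaining effect is presumably limited to including an unexpected file inside `themesfs` rather than an arbitrary one — worth confirming, and a reason the `@`-suppressed include of a user-chosen path deserves the allow-list rather than `basename()` alone. The enclosing `if` and its method continue past the end of the hunk.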