diff -Nru php-horde-5.2.1+debian0/debian/changelog php-horde-5.2.1+debian0/debian/changelog
--- php-horde-5.2.1+debian0/debian/changelog 2014-08-27 05:28:19.000000000 +0000
+++ php-horde-5.2.1+debian0/debian/changelog 2015-11-19 22:06:31.000000000 +0000
@@ -1,3 +1,21 @@
+php-horde (5.2.1+debian0-2+deb8u2build0.15.04.1) vivid-security; urgency=medium
+
+ * fake sync from Debian
+
+ -- Tyler Hicks Thu, 19 Nov 2015 16:06:31 -0600
+
+php-horde (5.2.1+debian0-2+deb8u2) jessie-security; urgency=high
+
+ * Add session token checking to various admin pages (Closes: #803641)
+
+ -- Mathieu Parent Mon, 02 Nov 2015 08:02:11 +0100
+
+php-horde (5.2.1+debian0-2+deb8u1) stable; urgency=medium
+
+ * Fix XSS in group administration (Closes: #785364)
+
+ -- Mathieu Parent Fri, 15 May 2015 17:14:33 +0200
+
 php-horde (5.2.1+debian0-2) unstable; urgency=medium
 * Update Standards-Version, no change
diff -Nru php-horde-5.2.1+debian0/debian/patches/0003-Fix-XSS-in-group-administration.patch php-horde-5.2.1+debian0/debian/patches/0003-Fix-XSS-in-group-administration.patch
--- php-horde-5.2.1+debian0/debian/patches/0003-Fix-XSS-in-group-administration.patch 1970-01-01 00:00:00.000000000 +0000
+++ php-horde-5.2.1+debian0/debian/patches/0003-Fix-XSS-in-group-administration.patch 2015-11-02 07:04:57.000000000 +0000
@@ -0,0 +1,23 @@
+From: Mathieu Parent
+Date: Tue, 5 May 2015 21:56:08 +0200
+Subject: Fix XSS in group administration
+
+Origin: https://github.com/horde/horde/commit/dae5277746abe613de0cacc004e95e9ed9d78220
+Author: Jan Schneider
+---
+ horde-5.2.1/admin/groups.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/horde-5.2.1/admin/groups.php b/horde-5.2.1/admin/groups.php
+index 3a3fa48..0423531 100644
+--- a/horde-5.2.1/admin/groups.php
++++ b/horde-5.2.1/admin/groups.php
+@@ -211,7 +211,7 @@ foreach ($nodes as $id => $node) {
+ $tree->addNode(array(
+ 'id' => $id,
+ 'parent' => null,
+- 'label' => $node,
++ 'label' => htmlspecialchars($node),
+ 'expanded' => false,
+ 'params' => $group_node + $node_params,
+ 'right' => array($spacer, $delete_link)
diff -Nru php-horde-5.2.1+debian0/debian/patches/0004-Add-session-token-checking-to-various-admin-pages.patch php-horde-5.2.1+debian0/debian/patches/0004-Add-session-token-checking-to-various-admin-pages.patch
--- php-horde-5.2.1+debian0/debian/patches/0004-Add-session-token-checking-to-various-admin-pages.patch 1970-01-01 00:00:00.000000000 +0000
+++ php-horde-5.2.1+debian0/debian/patches/0004-Add-session-token-checking-to-various-admin-pages.patch 2015-11-02 07:04:57.000000000 +0000
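Review bot: The new `htmlspecialchars($node)` in the `'label'` entry relies on PHP's default flags, which on the PHP 5.x this package targets means ENT_COMPAT, so single quotes in a group name are left unescaped and the charset comes from the runtime configuration; if Horde_Tree ever places the label inside a single-quoted attribute or a JavaScript string that is not enough. Making the call explicit, `'label' => htmlspecialchars($node, ENT_QUOTES, 'UTF-8'),`, removes the dependence on defaults (adjust the charset if Horde's output charset is configurable). The sibling `'params' => $group_node + $node_params` handed to the same node is not escaped in this hunk; whether any of it is rendered as HTML cannot be told from here and is worth confirming. The `foreach ($nodes as $id => $node)` loop and the `addNode()` call both continue outside the hunk.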
@@ -0,0 +1,104 @@
+From: Michael J Rubinsky
+Date: Mon, 2 Nov 2015 07:55:52 +0100
+Subject: Add session token checking to various admin pages.
+
+Origin: https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae
+---
+ horde-5.2.1/admin/cmdshell.php | 3 ++-
+ horde-5.2.1/admin/phpshell.php | 2 ++
+ horde-5.2.1/admin/sqlshell.php | 5 ++++-
+ horde-5.2.1/templates/admin/cmdshell.html.php | 2 ++
+ horde-5.2.1/templates/admin/phpshell.html.php | 2 ++
+ horde-5.2.1/templates/admin/sqlshell.html.php | 2 ++
+ 6 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/horde-5.2.1/admin/cmdshell.php b/horde-5.2.1/admin/cmdshell.php
+index 9e454b0..4d63e90 100644
+--- a/horde-5.2.1/admin/cmdshell.php
++++ b/horde-5.2.1/admin/cmdshell.php
+@@ -27,8 +27,9 @@ $view->addHelper('Text');
+ $view->action = Horde::url('admin/cmdshell.php');
+ $view->command = trim(Horde_Util::getFormData('cmd'));
+ $view->title = $title;
+-
++$view->session = $session;
+ if ($view->command) {
++ $session->checkToken(Horde_Util::getPost('token'));
+ $cmds = explode("\n", $view->command);
+ $out = array();
+
+diff --git a/horde-5.2.1/admin/phpshell.php b/horde-5.2.1/admin/phpshell.php
+index 6d9eae2..9f64bbc 100644
+--- a/horde-5.2.1/admin/phpshell.php
++++ b/horde-5.2.1/admin/phpshell.php
+@@ -48,8 +48,10 @@ $view->application = $application;
+ $view->apps = $apps;
+ $view->command = $command;
+ $view->title = $title;
++$view->session = $session;
+
+ if ($command) {
++ $session->checkToken($vars->token);
+ $pushed = $registry->pushApp($application);
+
+ $part = new Horde_Mime_Part();
+
+diff --git a/horde-5.2.1/admin/sqlshell.php b/horde-5.2.1/admin/sqlshell.php
+index f7972c2..1ee4512 100644
+--- a/horde-5.2.1/admin/sqlshell.php
++++ b/horde-5.2.1/admin/sqlshell.php
+@@ -22,7 +22,9 @@ $db = $injector->getInstance('Horde_Db_Adapter');
+ $q_cache = $session->get('horde', 'sql_query_cache', Horde_Session::TYPE_ARRAY);
+ $title = _("SQL Shell");
+ $vars =
$injector->getInstance('Horde_Variables');
+-
++if ($vars->get('list-tables') || ($command = trim($vars->sql))) {
++ $session->checkToken($vars->token);
++}
+ if ($vars->get('list-tables')) {
+ $description = 'LIST TABLES';
+ $result = $db->tables();
+@@ -48,6 +50,7 @@ if ($vars->get('list-tables')) {
+ $view = new Horde_View(array(
+ 'templatePath' => HORDE_TEMPLATES . '/admin'
+ ));
++$view->session = $session;
+ $view->addHelper('Horde_Core_View_Helper_Help');
+ $view->addHelper('Text');
+
+diff --git a/horde-5.2.1/templates/admin/cmdshell.html.php b/horde-5.2.1/templates/admin/cmdshell.html.php
+index 5ae18ea..8dcce42 100644
+--- a/horde-5.2.1/templates/admin/cmdshell.html.php
++++ b/horde-5.2.1/templates/admin/cmdshell.html.php
+@@ -11,6 +11,8 @@ + + +
++ ++ +

title ?>

+ +
+diff --git a/horde-5.2.1/templates/admin/phpshell.html.php b/horde-5.2.1/templates/admin/phpshell.html.php +index 1860d5e..47c4ff3 100644 +--- a/horde-5.2.1/templates/admin/phpshell.html.php ++++ b/horde-5.2.1/templates/admin/phpshell.html.php +@@ -1,4 +1,6 @@ + ++ ++ +

h($this->title) ?>

+ +
+diff --git a/horde-5.2.1/templates/admin/sqlshell.html.php b/horde-5.2.1/templates/admin/sqlshell.html.php +index aae6684..e72c5f9 100644 +--- a/horde-5.2.1/templates/admin/sqlshell.html.php ++++ b/horde-5.2.1/templates/admin/sqlshell.html.php +@@ -1,6 +1,8 @@ +

title ?>

+ + ++ ++ +
+ results): ?> + command): ?> diff -Nru php-horde-5.2.1+debian0/debian/patches/series php-horde-5.2.1+debian0/debian/patches/series --- php-horde-5.2.1+debian0/debian/patches/series 2014-08-27 05:28:19.000000000 +0000 +++ php-horde-5.2.1+debian0/debian/patches/series 2015-11-02 07:04:57.000000000 +0000 @@ -1 +1,3 @@ 0002-Fix-rewrite-base.patch +0003-Fix-XSS-in-group-administration.patch +0004-Add-session-token-checking-to-various-admin-pages.patch
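Review bot: All three new `checkToken()` calls discard the return value, so the protection rests on `Horde_Session::checkToken()` throwing on a missing or stale token rather than returning false; if it returns a boolean the shells still execute the command, and that contract is not visible in this hunk, so it should be confirmed before relying on the fix. The three pages also source the token differently: cmdshell.php takes it from `Horde_Util::getPost('token')`, while phpshell.php and sqlshell.php use `$vars->token` from Horde_Variables, which presumably also accepts it from the query string; reading it from POST everywhere, e.g. `$session->checkToken(Horde_Util::getPost('token'));`, keeps the token out of URLs, referrers and access logs and makes the three checks consistent. The `if ($view->command)` and `if ($command)` bodies the checks guard continue outside their hunks, and the hidden `token` inputs the template hunks are supposed to add are not legible in this copy of the patch, so the form side could not be reviewed.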