gosa (2.7.4+reloaded3-10) unstable; urgency=medium * debian/patches: + Add 1047_CVE-2019-14466-1_replace_unserialize_with_json_encode+json_ decode.patch: Replace (un)serialize with json_encode/json_decode to mitigate PHP object injection. (CVE-2019-14466). -- Mike Gabriel <email address hidden> Sat, 31 Aug 2019 16:09:11 +0200