diff -u horde3-3.0.4/debian/changelog horde3-3.0.4/debian/changelog
--- horde3-3.0.4/debian/changelog
+++ horde3-3.0.4/debian/changelog
@@ -1,3 +1,10 @@
+horde3 (3.0.4-4sarge5) oldstable-security; urgency=high
+
+  * Fix XSS vulnerability. See CVE-2007-1473 for more information.
+    (Closes: #434045)
+
+ -- Gregory Colpart (evolix) <reg@evolix.fr>  Sun, 22 Jul 2007 06:29:12 +0200
+
 horde3 (3.0.4-4sarge4) stable-security; urgency=high
 
   * Non-maintainer upload by the Security Team
only in patch2:
unchanged:
--- horde3-3.0.4.orig/lib/Horde/NLS.php
+++ horde3-3.0.4/lib/Horde/NLS.php
@@ -42,7 +42,9 @@
         if (isset($prefs) && $prefs->isLocked('language')) {
             $language = $prefs->getValue('language');
         /* Check if the user selected a language from the login screen */
-        } elseif (!empty($lang)) {
+        // backport security patch for sarge
+        // See http://bugs.debian.org/434045 and http://bugs.horde.org/ticket/?id=4816
+        } elseif (!empty($lang) && NLS::isValid($lang)) {
             $language = $lang;
         /* Check if we have a language set in a cookie */
         } elseif (isset($_SESSION['horde_language'])) {
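Review bot: The added `NLS::isValid($lang)` guard on the login-screen branch carries the whole fix, but its definition is not part of this patch, so it should be confirmed that the `isValid()` shipped in this 3.0.4 tree checks `$lang` against the configured language list rather than only its format. The `$_SESSION['horde_language']` branch that closes the hunk is context only and its body lies outside the hunk; if it assigns the session value directly, a value stored before the upgrade would not pass through the new check, so the same guard may be wanted there. The two added `//` lines also sit between the existing block comment and the branch it describes; a single comment such as `/* Accept a login-screen language only if NLS::isValid() recognises it (CVE-2007-1473, Debian #434045). */` would keep the reason next to the condition.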
