diff -u horde3-3.1.3/debian/changelog horde3-3.1.3/debian/changelog
--- horde3-3.1.3/debian/changelog
+++ horde3-3.1.3/debian/changelog
@@ -1,3 +1,10 @@
+horde3 (3.1.3-4etch1) stable-security; urgency=high
+
+  * Fix XSS vulnerability. See CVE-2007-1473 for more information.
+    (Closes: #434045)
+
+ -- Gregory Colpart (evolix) <reg@evolix.fr>  Sun, 22 Jul 2007 06:43:08 +0200
+
 horde3 (3.1.3-4) unstable; urgency=high
 
   * Correction for arbitrary file deletion vulnerability,
only in patch2:
unchanged:
--- horde3-3.1.3.orig/lib/Horde/NLS.php
+++ horde3-3.1.3/lib/Horde/NLS.php
@@ -39,7 +39,9 @@
         if (isset($prefs) && $prefs->isLocked('language')) {
             $language = $prefs->getValue('language');
         /* Check if the user selected a language from the login screen */
-        } elseif (!empty($lang)) {
+        // backport security patch for etch
+        // See http://bugs.debian.org/434045 and http://bugs.horde.org/ticket/?id=4816
+        } elseif (!empty($lang) && NLS::isValid($lang)) {
             $language = $lang;
         /* Check if we have a language set in a cookie */
         } elseif (isset($_SESSION['horde_language'])) {