From $URL: The Horde Team has released version 1.0.4 of the Horde_Auth framework package. This is an important security release that fixes a serious bug in the composite authentication driver that could allow a user to access the Horde system even though authentication failed for a sub-driver. Affected are all versions of the Horde_Auth library from 1.0.0alpha1 to 1.0.3. Only systems using the composite authentication driver are affected. Horde applications that require another login step, e.g. IMP, are not affected, even if this 2nd authentication is done transparently. All affected systems should update the Horde_Auth package IMMEDIATELY. This can be done using the PEAR installer: pear upgrade horde/horde_auth The Horde Team.
bumped, removed old version. Closing noglsa as ~arch only. Thanks.