Debian Security Advisory 1829-2 – The previous update introduced a regression in main.php, causing the module to fail. This update corrects the flaw. It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/79184/dsa-1829-2.txt
Source: https://packetstormsecurity.com/files/79184/Debian-Linux-Security-Advisory-1829-2.html