Accepted webcalendar 0.9.45-4sarge3 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 28 Feb 2006 11:48:14 -0500
Source: webcalendar
Binary: webcalendar
Architecture: source all
Version: 0.9.45-4sarge3
Distribution: stable-security
Urgency: high
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Tim Peeler <thp@linuxforce.net>
Description:
webcalendar - PHP-Based multi-user calendar
Changes:
webcalendar (0.9.45-4sarge3) stable-security; urgency=high
.
* Fixed multiple security vulnerabilities
(http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/)
* Fixed multiple SQL Injection vulnerabilities (CVE-2005-3949)
files: activity_log.php startid parameter, edit_template.php template
parameter, and export_handler.php multiple parameters. admin_handler.php
is not vulnerable in this version
* Fixed CRLF injection XSS/response splitting vulnerability (CVE-2005-3982)
files: layers_toggle.php ret parameter (required change to url param)
* Fixed local file overwrite vulnerability (CVE-2005-3961)
files: export_handler.php id parameter
Files:
a0cd6c66192d6fcb08ad235bab03682f 610 web optional webcalendar_0.9.45-4sarge3.dsc
01cadcadb69aea8688183bf7093b90e8 11838 web optional webcalendar_0.9.45-4sarge3.diff.gz
eebb63997aa535fce008490679d89b3a 629166 web optional webcalendar_0.9.45-4sarge3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEFRmXW5ql+IAeqTIRAqxGAJ9VTzalf7t/9muOTe9fFzG+8XtMwQCffZs3
exRV5kLecytfJtwCv81/kao=
=iitU
-----END PGP SIGNATURE-----
Accepted:
webcalendar_0.9.45-4sarge3.diff.gz
to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge3.diff.gz
webcalendar_0.9.45-4sarge3.dsc
to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge3.dsc
webcalendar_0.9.45-4sarge3_all.deb
to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge3_all.deb
Reply to: