Accepted webcalendar 0.9.45-4sarge7 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 21 Apr 2007 18:57:48 +0200
Source: webcalendar
Binary: webcalendar
Architecture: source all
Version: 0.9.45-4sarge7
Distribution: oldstable-security
Urgency: high
Maintainer: Tim Peeler <thp@linuxforce.net>
Changed-By: Rafael Laboissiere <rafael@debian.org>
Description:
webcalendar - PHP-Based multi-user calendar
Changes:
webcalendar (0.9.45-4sarge7) oldstable-security; urgency=high
.
* Security upload by the current co-maintainer team (Elizabeth
Bevilacqua and Rafael Laboissiere)
* Fixes cross-site scripting (XSS) vulnerability in
export_handler.php that allows remote attackers to inject
arbitrary web script or HTML via the format parameter
[CVE-2006-6669]. Thanks to Thijs Kinkhorst.
* The previous security releases included fixes for CVE-2005-2320
(assistant_edit.php unauthorized access vulnerability) and
CVE-2007-1483 (execute arbitrary PHP code via a URL in the
includedir parameter, file includes/config.php)
Files:
0c12e6c6307413350af264045a4df964 608 web optional webcalendar_0.9.45-4sarge7.dsc
ced8d9c6f7d52a42c3297a685547cb06 13013 web optional webcalendar_0.9.45-4sarge7.diff.gz
39fca1d949580d18e1e293a1c181b1a8 629712 web optional webcalendar_0.9.45-4sarge7_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFGK3VmXm3vHE4uyloRAkB5AJ47N/WvRFKzD2MYzcrFm6brIJKHWQCgtNtM
nCf3jonO+NXH1sJBCSB9Iw4=
=12Sl
-----END PGP SIGNATURE-----
Accepted:
webcalendar_0.9.45-4sarge7.diff.gz
to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge7.diff.gz
webcalendar_0.9.45-4sarge7.dsc
to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge7.dsc
webcalendar_0.9.45-4sarge7_all.deb
to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge7_all.deb
Reply to: