[pkg-horde] Bug#478121: Bug#478121: Fixed kronolith2 packages
Gregory Colpart
reg at evolix.fr
Mon Apr 28 00:10:57 UTC 2008
Update:
- Etch version (source package and debdiff):
http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1etch1.dsc
http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1_2.1.4-1etch1.diff
- Sid version (source package and debdiff):
http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.8-1.dsc
http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.7-1_2.1.8-1.diff
[Note: I'm waiting for sponsorship of the sid package]
Information for the advisory:
8<----------------------------------
kronolith2 -- XSS vulnerability
Date Reported: ?? Apr 2008
Affected Packages: kronolith2
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2008-????
More information:
It was discovered that Kronolith, the calendar component for the
Horde Framework, had a cross-site scripting vulnerability in the
add event screen. The input passed to the "url" parameter in the
file addevent.php was not properly sanitized.
For the stable distribution (etch) this problem has been fixed in version 2.1.4-1etch1.
For the unstable distribution (sid) this problem has been fixed in version 2.1.8-1.
We recommend that you upgrade your kronolith2 package.
8<----------------------------------
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/