[pkg-horde] Bug#478121: Bug#478121: Bug#478121: Fixed kronolith2 packages
Ola Lundqvist
opal at debian.org
Mon Apr 28 08:16:12 UTC 2008
Hi Gregory
Please upload to the usual place and I'll upload the sid package.
Best regards,
// Ola
On Mon, Apr 28, 2008 at 02:10:57AM +0200, Gregory Colpart wrote:
> Update:
>
> - Etch version (source package and debdiff):
> http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1etch1.dsc
> http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1_2.1.4-1etch1.diff
>
> - Sid version (source package and debdiff):
> http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.8-1.dsc
> http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.7-1_2.1.8-1.diff
>
> [Note: I'm waiting for sponsorship for the sid package]
>
> Information for the advisory:
>
> 8<----------------------------------
> kronolith2 -- XSS vulnerability
>
> Date Reported:
> ?? Apr 2008
> Affected Packages:
> kronolith2
> Vulnerable:
> Yes
> Security database references:
> In Mitre's CVE dictionary: CVE-2008-????
> More information:
>
> It was discovered that Kronolith, the calendar component for the
> Horde Framework, had a cross-site scripting vulnerability in the
> add event screen. The input passed to the "url" parameter in the
> file addevent.php was not properly sanitized.
>
> For the stable distribution (etch) this problem has been fixed in version 2.1.4-1etch1.
>
> For the unstable distribution (sid) this problem has been fixed in version 2.1.8-1.
>
> We recommend that you upgrade your kronolith2 package.
> 8<----------------------------------
>
>
> Regards,
> --
> Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
> Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
--
--------------------- Ola Lundqvist ---------------------------
/ opal at debian.org Annebergsslingan 37 \
| ola at inguza.com 654 65 KARLSTAD |
| http://inguza.com/ +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------