-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 28 Feb 2006 11:48:14 -0500
Source: webcalendar
Binary: webcalendar
Architecture: source all
Version: 0.9.45-4sarge3
Distribution: stable-security
Urgency: high
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Tim Peeler <thp@linuxforce.net>
Description:
 webcalendar - PHP-Based multi-user calendar
Changes:
 webcalendar (0.9.45-4sarge3) stable-security; urgency=high
 .
   * Fixed multiple security vulnerabilities
     (http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/)
   * Fixed multiple SQL Injection vulnerabilities (CVE-2005-3949)
     files: activity_log.php startid parameter, edit_template.php
     template parameter, and export_handler.php multiple parameters.
     admin_handler.php is not vulnerable in this version
   * Fixed CRLF injection XSS/response splitting vulnerability
     (CVE-2005-3982)
     files: layers_toggle.php ret parameter (required change to url param)
   * Fixed local file overwrite vulnerability (CVE-2005-3961)
     files: export_handler.php id parameter
Files:
 a0cd6c66192d6fcb08ad235bab03682f 610 web optional webcalendar_0.9.45-4sarge3.dsc
 01cadcadb69aea8688183bf7093b90e8 11838 web optional webcalendar_0.9.45-4sarge3.diff.gz
 eebb63997aa535fce008490679d89b3a 629166 web optional webcalendar_0.9.45-4sarge3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEFRmXW5ql+IAeqTIRAqxGAJ9VTzalf7t/9muOTe9fFzG+8XtMwQCffZs3
exRV5kLecytfJtwCv81/kao=
=iitU
-----END PGP SIGNATURE-----

Accepted:
webcalendar_0.9.45-4sarge3.diff.gz
  to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge3.diff.gz
webcalendar_0.9.45-4sarge3.dsc
  to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge3.dsc
webcalendar_0.9.45-4sarge3_all.deb
  to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge3_all.deb