-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 21 Apr 2007 18:57:48 +0200
Source: webcalendar
Binary: webcalendar
Architecture: source all
Version: 0.9.45-4sarge7
Distribution: oldstable-security
Urgency: high
Maintainer: Tim Peeler <thp@linuxforce.net>
Changed-By: Rafael Laboissiere <rafael@debian.org>
Description:
 webcalendar - PHP-Based multi-user calendar
Changes:
 webcalendar (0.9.45-4sarge7) oldstable-security; urgency=high
 .
   * Security upload by the current co-maintainer team (Elizabeth Bevilacqua
     and Rafael Laboissiere)
   * Fixes cross-site scripting (XSS) vulnerability in export_handler.php
     that allows remote attackers to inject arbitrary web script or HTML
     via the format parameter [CVE-2006-6669]. Thanks to Thijs Kinkhorst.
   * The previous security releases included fixes for CVE-2005-2320
     (assistant_edit.php unauthorized access vulnerability) and
     CVE-2007-1483 (execute arbitrary PHP code via a URL in the includedir
     parameter, file includes/config.php)
Files:
 0c12e6c6307413350af264045a4df964 608 web optional webcalendar_0.9.45-4sarge7.dsc
 ced8d9c6f7d52a42c3297a685547cb06 13013 web optional webcalendar_0.9.45-4sarge7.diff.gz
 39fca1d949580d18e1e293a1c181b1a8 629712 web optional webcalendar_0.9.45-4sarge7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFGK3VmXm3vHE4uyloRAkB5AJ47N/WvRFKzD2MYzcrFm6brIJKHWQCgtNtM
nCf3jonO+NXH1sJBCSB9Iw4=
=12Sl
-----END PGP SIGNATURE-----

Accepted:
webcalendar_0.9.45-4sarge7.diff.gz
  to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge7.diff.gz
webcalendar_0.9.45-4sarge7.dsc
  to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge7.dsc
webcalendar_0.9.45-4sarge7_all.deb
  to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge7_all.deb