Register | Log in

webcit

Choose email to subscribe with

general

source: webcit (main)
version: 917-dfsg-2
maintainer: Debian Citadel Team (archive) (DMD)
uploaders: Alexander Wirt [DMD] – Michael Meskes [DMD] – Wilfried Goesgens [DMD]
arch: all any
std-ver: 4.1.3
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 8.24-dfsg-1
oldstable: 902-dfsg-4
stable: 917-dfsg-2

versioned links

8.24-dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
902-dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
917-dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

citadel-suite
citadel-webcit

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

lintian reports 1 error and 4 warnings high

Lintian reports 1 error and 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-08-22 06:06

4 ignored security issues in stretch low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2020-27739: A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
CVE-2020-27740: Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
CVE-2020-27741: Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
CVE-2020-27742: An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

Please fix them.

Created: 2020-10-29 Last update: 2020-12-11 01:35

4 ignored security issues in buster low

There are 4 open security issues in buster.

4 issues skipped by the security teams:

CVE-2020-27739: A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
CVE-2020-27740: Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
CVE-2020-27741: Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
CVE-2020-27742: An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

Please fix them.

Created: 2020-10-29 Last update: 2020-12-11 01:35

news

[2020-12-04] Removed 917-dfsg-5 from unstable (Debian FTP Masters)
[2020-04-06] Accepted webcit 917-dfsg-5 (source) into unstable (Joao Eriberto Mota Filho)
[2019-10-19] webcit REMOVED from testing (Debian testing watch)
[2019-09-07] webcit 917-dfsg-4 MIGRATED to testing (Debian testing watch)
[2019-09-01] Accepted webcit 917-dfsg-4 (source) into unstable (Joao Eriberto Mota Filho)
[2019-07-11] Accepted webcit 917-dfsg-3 (source all amd64) into unstable (Michael Meskes)
[2018-02-27] webcit 917-dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-02-22] Accepted webcit 917-dfsg-2 (source all amd64) into unstable (Michael Meskes)
[2018-01-11] webcit 917-dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-01-05] Accepted webcit 917-dfsg-1 (source all amd64) into unstable (Michael Meskes)
[2018-01-03] Accepted webcit 916-dfsg-1 (source all amd64) into unstable (Michael Meskes)
[2017-06-20] webcit 904-dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-06-06] Accepted webcit 904-dfsg-1 (source all amd64) into unstable (Michael Meskes)
[2017-01-26] webcit 902-dfsg-4 MIGRATED to testing (Debian testing watch)
[2017-01-15] Accepted webcit 902-dfsg-4 (source all amd64) into unstable (Michael Meskes)
[2016-12-26] webcit 902-dfsg-3 MIGRATED to testing (Debian testing watch)
[2016-12-15] Accepted webcit 902-dfsg-3 (source all amd64) into unstable (Michael Meskes)
[2016-11-05] webcit 902-dfsg-2 MIGRATED to testing (Debian testing watch)
[2016-10-30] Accepted webcit 902-dfsg-2 (source all amd64) into unstable (Michael Meskes)
[2016-05-21] webcit 902-dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-05-15] Accepted webcit 902-dfsg-1 (source all amd64) into unstable (Michael Meskes)
[2015-07-15] webcit 9.01-dfsg-1 MIGRATED to testing (Britney)
[2015-07-09] Accepted webcit 9.01-dfsg-1 (source all amd64) into unstable (Michael Meskes)
[2014-02-03] webcit 8.24-dfsg-1 MIGRATED to testing (Debian testing watch)
[2014-01-28] Accepted webcit 8.24-dfsg-1 (source amd64 all) (Michael Meskes)
[2013-11-25] webcit 8.22-dfsg-1 MIGRATED to testing (Debian testing watch)
[2013-11-14] Accepted webcit 8.22-dfsg-1 (source amd64 all) (Michael Meskes)
[2013-09-05] Accepted webcit 8.20-dfsg-1 (source amd64 all) (Michael Meskes)
[2013-05-05] webcit 8.16-dfsg-1 MIGRATED to testing (Debian testing watch)
[2013-03-10] Accepted webcit 8.16-dfsg-1 (source amd64 all) (Michael Meskes)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (1, 4)
buildd: logs, clang, cross
popcon
browse source code
edit tags
other distros
security tracker

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing