[pkg-horde] Bug#478121: Fixed kronolith2 packages
Gregory Colpart
reg at evolix.fr
Sun Apr 27 10:41:19 UTC 2008
Hello,
The package kronolith2 has an XSS vulnerability (see #478121).
Note that I have private mails from upstream for coordination between
vendors (I can forward these mails if you want).
I prepared fixed packages:
- Etch version (source package and debdiff):
http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1etch1.dsc
http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1_2.1.4-1etch1.diff
- Sid version (source package and debdiff):
<not yet... I'm waiting for Kronolith 2.1.8...>
*draft* of information for the advisory:
8<----------------------------------
kronolith2 -- XSS vulnerability
Date Reported:
?? Apr 2008
Affected Packages:
kronolith2
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2008-????
More information:
It was discovered that Kronolith has an XSS vulnerability
in the add event screen.
For the stable distribution (etch) this problem has been fixed in version 2.1.4-1etch1.
For the unstable distribution (sid) this problem *will be* fixed in version 2.1.8-1.
We recommend that you upgrade your kronolith2 package.
8<----------------------------------
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/