[pkg-horde] Bug#478121: Bug#478121: Bug#478121: Fixed kronolith2 packages

Ola Lundqvist opal at debian.org
Mon Apr 28 08:16:12 UTC 2008


Hi Gregory

Please upload to the usual place and I'll upload the sid package.

Best regards,

// Ola

On Mon, Apr 28, 2008 at 02:10:57AM +0200, Gregory Colpart wrote:
> Update:
> 
> - Etch version (source package and debdiff):
> http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1etch1.dsc
> http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1_2.1.4-1etch1.diff
> 
> - Sid version (source package and debdiff):
> http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.8-1.dsc
> http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.7-1_2.1.8-1.diff
> 
> [Note: I'm waiting for sponsoring for the sid package]
> 
> Information for the advisory:
> 
> 8<----------------------------------
> kronolith2 -- XSS vulnerability
> 
> Date Reported:
>     ?? Apr 2008
> Affected Packages:
>     kronolith2
> Vulnerable:
>     Yes
> Security database references:
>     In Mitre's CVE dictionary: CVE-2008-????
> More information:
> 
> It was discovered that Kronolith, the calendar component for the
> Horde Framework, had a cross-site scripting vulnerability in the
> add event screen. The input passed to the "url" parameter in the
> file addevent.php was not properly sanitized.
> 
> For the stable distribution (etch) this problem has been fixed in version 2.1.4-1etch1.
> 
> For the unstable distribution (sid) this problem has been fixed in version 2.1.8-1.
> 
> We recommend that you upgrade your kronolith2 package.
> 8<----------------------------------
> 
> 
> Regards,
> -- 
> Gregory Colpart <reg at evolix.fr>  GnuPG:1024D/C1027A0E
> Evolix - Informatique et Logiciels Libres http://www.evolix.fr/

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal at debian.org                     Annebergsslingan 37      \
|  ola at inguza.com                      654 65 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------




