Florian Weimer wrote: > Package: dtc-common > Severity: grave > Tags: security > > Your package seems to embed a copy of wz_tooltip, for which a security > bug has been reported: > > | Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka > | wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and > | other packages, has unknown impact and remote attack vectors. > > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3154> > > Please upgrade the included copy, and backport the changes to stable > (if necessary).
Hi, It's released here: ftp://ftp.gplhost.com/debian/dists/etch/main/binary-i386/dtc_0.26.1-1.dsc It's going to be also available in one of our mirror in about one hour (rsync cron job...): ftp://ftp.gplhost.fr/debian/dists/etch/main/binary-i386/dtc_0.26.1-1.dsc ftp://ftp.gplhost.sg/debian/dists/etch/main/binary-i386/dtc_0.26.1-1.dsc If some DD can sponsor it as my usual sponsor is currently not replying (maybe in holiday?), I'd be happy. I have also fixes done for sbox and libapache-mod-log-sql available. Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]