Update:

- Etch version (source package and debdiff):
  http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1etch1.dsc
  http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1_2.1.4-1etch1.diff
- Sid version (source package and debdiff):
  http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.8-1.dsc
  http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.7-1_2.1.8-1.diff

[Note: I'm waiting for sponsoring of the sid package]

Information for the advisory:

8<----------------------------------
kronolith2 -- XSS vulnerability

Date Reported: ?? Apr 2008
Affected Packages: kronolith2
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2008-????

More information:

It was discovered that Kronolith, the calendar component for the Horde
Framework, had a cross-site scripting vulnerability in the add event
screen. The input passed to the "url" parameter in the file addevent.php
was not properly sanitized.

For the stable distribution (etch) this problem has been fixed in
version 2.1.4-1etch1.

For the unstable distribution (sid) this problem has been fixed in
version 2.1.8-1.

We recommend that you upgrade your kronolith2 package.
8<----------------------------------

Regards,
-- 
Gregory Colpart <[EMAIL PROTECTED]>  GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/