Hi Gregory Please upload to the usual place and I'll upload the sid package.
Best regards, // Ola On Mon, Apr 28, 2008 at 02:10:57AM +0200, Gregory Colpart wrote: > Update: > > - Etch version (source package and debdiff): > http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1etch1.dsc > http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1_2.1.4-1etch1.diff > > - Sid version (source package and debdiff): > http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.8-1.dsc > http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.7-1_2.1.8-1.diff > > [Note: I'm waiting sponsoring for sid package] > > Information for the advisory: > > 8<---------------------------------- > kronolith2 -- XSS vulnerability > > Date Reported: > ?? Apr 2008 > Affected Packages: > kronolith2 > Vulnerable: > Yes > Security database references: > In Mitre's CVE dictionary: CVE-2008-???? > More information: > > It was discovered that the Kronolith, calendar component for > Horde Framework, had a cross-site scripting vulnerability in the > add event screen. The input passed to the "url" parameter in the > file addevent.php was not properly sanitized. > > For the stable distribution (etch) this problem has been fixed in version > 2.1.4-1etch1. > > For the unstable distribution (sid) this problem has been fixed in version > 2.1.8-1. > > We recommend that you upgrade your kronolith2 package. > 8<---------------------------------- > > > Regards, > -- > Gregory Colpart <[EMAIL PROTECTED]> GnuPG:1024D/C1027A0E > Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ > > > > _______________________________________________ > pkg-horde-hackers mailing list > [EMAIL PROTECTED] > http://lists.alioth.debian.org/mailman/listinfo/pkg-horde-hackers > -- --------------------- Ola Lundqvist --------------------------- / [EMAIL PROTECTED] Annebergsslingan 37 \ | [EMAIL PROTECTED] 654 65 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
