* Steffen Joeris <[EMAIL PROTECTED]> [2008-05-09 22:02]: > Since we provide security support for testing (and if possible through > unstable), it would be great if you could upload a fixed version to unstable > with priority=high, so it migrates to testing soonish. > It does not have to be the new upstream version, but it would be great if we > could get a patched version. > Thanks for your efforts.
We believe that the version of webcalendar currently in lenny/sid (1.0.5-15) is not affected by the XSS vulnerabilities described in CVE-2007-6696, as I described previously [1]. The version currently in experimental (1.2~b1-1) has been patched to avoid the problems. We are not going to upload 1.2~b1-1 to unstable, since this is considered as a pre-release by the upstream author. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37 -- Rafael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
