thanks On Thu, Mar 4, 2010 at 4:11 PM, Moritz Muehlenhoff <j...@debian.org> wrote: > Package: webcalendar > Severity: grave > Tags: security > > A few security issues have been reported for which I cannot find any > information on the upstream website. Please investigate: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0636 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0637 > > On a side note: Rafael has resigned from Debian and recent bugs haven't > been followed up. If there's no actice maintainer team webcalendar should > be removed. > > Cheers, > Moritz > > -- System Information: > Debian Release: squeeze/sid > APT prefers unstable > APT policy: (500, 'unstable') > Architecture: i386 (i686) > > Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core) > Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15) > Shell: /bin/sh linked to /bin/bash > > Versions of packages webcalendar depends on: > pn apache | apache2 | apache-ssl <none> (no description available) > pn dbconfig-common <none> (no description available) > ii debconf [debconf-2.0] 1.5.28 Debian configuration management > sy > pn libapache-mod-php4 | libapach <none> (no description available) > pn php4-cli | php5-cli <none> (no description available) > pn php4-mysql | php4-pgsql | php <none> (no description available) > ii ucf 3.0025 Update Configuration File: > preserv > > Versions of packages webcalendar recommends: > pn mysql-client | postgresql-cli <none> (no description available) > pn mysql-server | postgresql <none> (no description available) > > Versions of packages webcalendar suggests: > pn php4-gd | php5-gd <none> (no description available) > > > >
Hey Moritz, I just hopped on as Co-Maintainer not 3 hours ago. I just found the CVEs, I will take a look. They sound plausible. Still working on getting the codebase sorted. -Paul -- #define sizeof(x) rand() :wq -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
