* Modestas Vainius: > eGroupWare svn commit 23934 upgraded wz_tooltip.js from v3.25 to v3.45 so > apparently the security problem was fixed between >3.25 and <=3.45. ktorrent > had wz_tooltip.js v3.44 which I now believe was not affected by this bug > since a fix/new feature in 3.45 is probably not related. Although I > have "fixed" #429209 by upgrading to v3.45, now I believe this change was > redundant (but I'm not going to revert it) and the bug was false alarm.
In the meantime, I've asked the developer of wz_tooltip.js, and he isn't aware of a security fix, either. In a next step, I'm going to ask the person who supplied the bug information to egroupware. To me, it begins to look like an error on egroupware's part; they have invented a security bug where none existed. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]