Package: webcalendar Severity: grave Tags: security Justification: user security hole
Two more vulnerabilities have been discovered in webcalendar: 1. SQL injection through the time_range parameter (CVE-2005-3984) 2. CRLF injection in layers_toggle.php (CVE-2005-3982) Please see http://vd.lwang.org/webcalendar_multiple_vulns.txt for details. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-2-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]