Accepted webcalendar 0.9.45-4sarge7 (source all)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Sat, 21 Apr 2007 18:57:48 +0200
Source: webcalendar
Binary: webcalendar
Architecture: source all
Version: 0.9.45-4sarge7
Distribution: oldstable-security
Urgency: high
Maintainer: Tim Peeler <thp@linuxforce.net> Changed-By: Rafael Laboissiere <rafael@debian.org> Description:
 webcalendar - PHP-Based multi-user calendar Changes:
 webcalendar (0.9.45-4sarge7) oldstable-security; urgency=high  .

• Security upload by the current co-maintainer team (Elizabeth Bevilacqua and Rafael Laboissiere)
• Fixes cross-site scripting (XSS) vulnerability in export_handler.php that allows remote attackers to inject arbitrary web script or HTML via the format parameter [CVE-2006-6669]. Thanks to Thijs Kinkhorst.
• The previous security releases included fixes for CVE-2005-2320 (assistant_edit.php unauthorized access vulnerability) and CVE-2007-1483 (execute arbitrary PHP code via a URL in the includedir parameter, file includes/config.php) Files: 0c12e6c6307413350af264045a4df964 608 web optional webcalendar_0.9.45-4sarge7.dsc ced8d9c6f7d52a42c3297a685547cb06 13013 web optional webcalendar_0.9.45-4sarge7.diff.gz 39fca1d949580d18e1e293a1c181b1a8 629712 web optional webcalendar_0.9.45-4sarge7_all.deb

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFGK3VmXm3vHE4uyloRAkB5AJ47N/WvRFKzD2MYzcrFm6brIJKHWQCgtNtM nCf3jonO+NXH1sJBCSB9Iw4=
=12Sl
-----END PGP SIGNATURE-----
Accepted:
webcalendar_0.9.45-4sarge7.diff.gz
  to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge7.diff.gz webcalendar_0.9.45-4sarge7.dsc
  to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge7.dsc webcalendar_0.9.45-4sarge7_all.deb
  to pool/main/w/webcalendar/webcalendar_0.9.45-4sarge7_all.deb

-- 
To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org