Package: phpgroupware
Severity: important
Tags: security

Hi,

CVE-2006-4458 reads:

Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.

It appears as if the versions currently in unstable/testing and stable are all affected.

Resolving this issue quickly is important for the security of Debian users, but remember that it is not just an issue that can be fixed by uploading a new version in unstable. The issue needs to be isolated for the version currently in stable. Your participation in creating a package that resolves this issue according to the guidelines specified in the developer's reference and the Debian policy documents will be incredibly appreciated.

Please reference this CVE number in any changelogs resolving this issue.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-vserver-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
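
An added example, not part of the original report and not phpGroupWare's own code: one way to validate a country preference before it is used to build an include path, so that values containing `..` or a NUL byte never reach the filesystem. The function name, the `class.holidaycalc_<CC>.inc.php` naming scheme and the demo directory are assumptions made for illustration.

```php
<?php
// Added example; hypothetical helper, not taken from phpGroupWare.
// Assumption: the country preference selects one per-country file named
// class.holidaycalc_<CC>.inc.php inside a single fixed directory.

function resolve_holidaycalc_file(string $country, string $baseDir): ?string
{
    // Allowlist the shape of the value: exactly two ASCII letters.
    // \A and \z anchor the whole string, so "..", "/", NUL bytes and a
    // trailing newline all fail here.
    if (preg_match('/\A[A-Za-z]{2}\z/', $country) !== 1) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    $name = 'class.holidaycalc_' . strtoupper($country) . '.inc.php';
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);

    // Defence in depth: the file must exist and, after symlinks are
    // resolved, still sit directly inside the expected directory.
    if ($candidate === false || dirname($candidate) !== $base) {
        return null;
    }
    return $candidate;
}

// Constructed demo: a temporary directory holding one per-country file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'holidaycalc_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'class.holidaycalc_US.inc.php', "<?php\n");

// Constructed sample values, including the shapes named in the CVE text.
$samples = ['US', 'us', "../../some/other/file\0", '..', "US\0", 'USA', 'DE', ''];
foreach ($samples as $value) {
    $path = resolve_holidaycalc_file($value, $dir);
    printf("%-30s => %s\n", json_encode($value),
        $path === null ? 'rejected' : 'accepted: ' . basename($path));
}

unlink($dir . DIRECTORY_SEPARATOR . 'class.holidaycalc_US.inc.php');
rmdir($dir);
```

Only `US` and `us` are accepted in this demo; `DE` has the right shape but is rejected because no matching file exists in the directory.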