* Nico Golde <[EMAIL PROTECTED]> [2008-02-25 00:12]:
> could you check that back with the upstream author?

I already prepared a new version of the webcalendar package, 1.1.6-7, in SVN with a patch to fix the problems and a change in the default value of the configuration variable ALLOW_HTML_DESCRIPTION (this should work even when upgrading the package). This fixes the three vulnerabilities described in CVE-2007-6696.

The changes can be seen between revisions r8131 and r8134 in SVN [1]. I am waiting for the review from the co-maintainer of the package before doing the upload.

I forwarded my patch to the upstream author [2] and also dropped a note in the bug tracker at SourceForge [3].

[1] http://svn.debian.org/wsvn/collab-maint/ext-maint/webcalendar/branches/devel/debian/?op=log&rev=0&sc=0&isdir=1
[2] http://sourceforge.net/tracker/index.php?func=detail&aid=1900597&group_id=3870&atid=303870
[3] http://sourceforge.net/tracker/index.php?func=detail&aid=1853501&group_id=3870&atid=103870

-- 
Rafael