Am Samstag, 16. Juni 2007 12:10 schrieb Florian Weimer: > Package: egroupware-core > Severity: grave > Tags: security > > Your package seems to embed a copy of wz_tooltip, for which a security > > bug has been reported: > | Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka > | wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and > | other packages, has unknown impact and remote attack vectors. > > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3154>
That information is inconsistent in several regards. eGroupWare 1.2.107-2 and later still uses wz_tooltips 3.45. And I don't find any information in the changelog that wz_tooltips 4.01 contains a security fix. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
