severity 404234 important
thanks

On Fri, Dec 22, 2006 at 06:51:46PM +0100, Stefan Fritsch wrote:
> Package: webcalendar
> Severity: grave
> Tags: security
> Justification: user security hole
>
> A vulnerability has been found in webcalendar:
>
> Cross-site scripting (XSS) vulnerability in export_handler.php in
> WebCalendar 1.0.4 and earlier allows remote attackers to inject
> arbitrary web script or HTML via the format parameter.
>
> See http://secunia.com/advisories/23341 for details. Please mention
> the CVE id in the changelog.
>
> I think it would be nice if it was fixed in etch, but I guess one
> could also argue that this is not RC.

Yes, last I knew, XSS vulns were not treated as 'grave' by the security team.

Thanks,
--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/