Package: tomcat5-webapps Version: 5.0.30-12 Severity: minor Tags: security Hi, a CVE[0] has been issued against your package. CVE-2007-4724: Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
I verified that this isse is present in etch however it is fixed in tomcat5.5-webapps in unstable and testing. Please include the CVE id in the changelog if you fix this issue. [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4724 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpvR8UpYSf12.pgp
Description: PGP signature
_______________________________________________ pkg-java-maintainers mailing list pkg-java-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
