Package: kronolith
Version: 2.1.4-1
Severity: important
Tags: security

A vulnerability has been reported in Kronolith, which can be exploited by malicious users to disclose sensitive information.
Input passed to the "view" parameter within the "Kronolith_FreeBusy_View::factory" function in lib/FBView.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

The vulnerability is reported in versions prior to 2.0.7 and 2.1.4.

If kronolith is not vulnerable, I will close this bug.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
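
The class of bug reported above, a request parameter used to build an include path, is normally closed by resolving the parameter against a fixed allowlist before any file is loaded. The following is an added example, not Kronolith source and not the upstream fix. The class name, view names and directory layout are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration; not Kronolith code. All names here are hypothetical.
//
// Unverified pattern of the kind the report describes: the request value
// becomes part of an include path without any check.
//   $view = $_GET['view'];
//   include dirname(__FILE__) . '/FBView/' . $view . '.php';

final class FreeBusyViewFactory
{
    /** Fixed map of accepted view names to class names (hypothetical). */
    private const VIEWS = [
        'day'   => 'FreeBusyView_Day',
        'week'  => 'FreeBusyView_Week',
        'month' => 'FreeBusyView_Month',
    ];

    /** Returns the class name for a requested view, or null if not allowed. */
    public static function resolve($view): ?string
    {
        // Reject arrays and other non-string input (e.g. ?view[]=day).
        if (!is_string($view)) {
            return null;
        }
        // Exact key lookup: separators, dots, NUL bytes and case variants never match.
        return self::VIEWS[$view] ?? null;
    }

    /** Loads and instantiates the view; $baseDir is fixed by the application. */
    public static function factory($view, string $baseDir)
    {
        $class = self::resolve($view);
        if ($class === null) {
            throw new InvalidArgumentException('Unknown free/busy view');
        }
        // $view is now known to be one of the allowlisted keys, so the
        // path below cannot leave $baseDir.
        if (!class_exists($class, false)) {
            require_once $baseDir . '/' . $view . '.php';
        }
        return new $class();
    }
}

// Constructed inputs: only the first resolves, the rest yield NULL.
foreach (['week', 'Week', '../config/conf', "day\0", ['day']] as $input) {
    var_dump(FreeBusyViewFactory::resolve($input));
}
```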

