This one time, at band camp, Martin Schulze said: > Stephen Gran wrote: > > Hello all, > > Thanks a lot for contacting us. > > > There is a security bug in webcalendar (#315671 and > > http://www.securityfocus.com/bid/14072, for reference). Tim is the > > maintainer, but does not yet have a debian account, and cannot upload. > > We have a fixed version for sarge ready (patch attached). I am happy to > > upload it for Tim, or you could based on the attached patch. Please let > > us know which way you want to handle this. Tim is copied on this mail, > > please keep both of us in the follow ups. > > > > There is as yet no CVE, but the bugtraq ID is 14072. > > I have requested an id.
Great, thanks. > While we're at it, have you checked this vulnerability as well? > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0474 I had not seen it before. We will get you a patch for this as well. > I'll take care of sarge. Excellent news. So we'll try to get you a patch for CAN-2005-0474 later today if possible, and you'll handle the upload fixing both - does that work for you? I guess I'll file a bug about CAN-2005-0474, so it's easier to track it getting into both sid and etch. Thanks again, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature