Stephen Gran wrote: > Hello all, > > There is a security bug in webcalendar (#315671 and > http://www.securityfocus.com/bid/14072, for reference). Tim is the > maintainer, but does not yet have a debian account, and cannot upload. > We have a fixed version for sarge ready (patch attached). I am happy to > upload it for Tim, or you could based on the attached patch. Please let > us know which way you want to handle this. Tim is copied on this mail, > please keep both of us in the follow ups. > > There is as yet no CVE, but the bugtraq ID is 14072.
Just got it: ====================================================== Candidate: CAN-2005-2320 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2320 Reference: BID:14072 Reference: URL:http://www.securityfocus.com/bid/14072 WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges. Regards, Joey -- Whenever you meet yourself you're in a time loop or in front of a mirror. Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]