-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Florian Weimer wrote: > Package: dtc-common > Severity: grave > Tags: security > > Your package seems to embed a copy of wz_tooltip, for which a security > bug has been reported: > > | Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka > | wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and > | other packages, has unknown impact and remote attack vectors. > > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3154> > > Please upgrade the included copy, and backport the changes to stable > (if necessary).
Ok, I'm doing it at the moment, but the problem is that I got no reply from my sponsor. Just for your information, the wz_tooltip.js is only used when the user is logged into our control panel, so the implication for our package are quite small. Also, our package is not in stable debian. By the way, I'll release a new version asap, as I just said. Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGdBQPl4M9yZjvmkkRAkFlAJoD3ECt8lOralnj2YvPmlKY+tCnYACeLl4s EbgAi7IqD292iw17FmdUPP0= =0bI5 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]