As you can see in the changelog, these bugs are fixed in:
- the stable version: 1:0.9.16.012+dfsg-8+lenny2
- the unstable version: 1:0.9.16.016+dfsg-1 that is uploaded on mentors.

These versions do not work correctly on unstable and squeeze due to non-conformance to php5.3. Upstream does not want to provide a tarball for php5.3, only keep the stable version alive, and wait for a proper version to work with php 5.3.

C.Bac

On Fri, 2010-06-04 at 10:52 +0200, Giuseppe Iuculano wrote:
> Package: phpgroupware
> Severity: grave
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for phpgroupware.
>
> CVE-2010-0404[0]:
> | Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before
> | 0.9.16.016 allow remote attackers to execute arbitrary SQL commands
> | via unspecified parameters to (1) class.sessions_db.inc.php, (2)
> | class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in
> | phpgwapi/inc/.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0404
>     http://security-tracker.debian.org/tracker/CVE-2010-0404