Bug#429214: [CVE-2007-3154] vulnerability in included copy of wz_tooltip
Florian Weimer wrote:
> Package: dtc-common
> Severity: grave
> Tags: security
>
> Your package seems to embed a copy of wz_tooltip, for which a security
> bug has been reported:
>
> | Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka
> | wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and
> | other packages, has unknown impact and remote attack vectors.
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3154
>
> Please upgrade the included copy, and backport the changes to stable
> (if necessary).

Hi,

It's released here:

ftp://ftp.gplhost.com/debian/dists/etch/main/binary-i386/dtc_0.26.1-1.dsc

It's also going to be available on one of our mirrors in about one hour (rsync cron job...):

ftp://ftp.gplhost.fr/debian/dists/etch/main/binary-i386/dtc_0.26.1-1.dsc
ftp://ftp.gplhost.sg/debian/dists/etch/main/binary-i386/dtc_0.26.1-1.dsc

If some DD can sponsor it, as my usual sponsor is currently not replying (maybe on holiday?), I'd be happy. I also have fixes done for sbox and libapache-mod-log-sql available.

Thomas

Bug#429214: [CVE-2007-3154] vulnerability in included copy of wz_tooltip
Package: dtc-common
Severity: grave
Tags: security

Your package seems to embed a copy of wz_tooltip, for which a security
bug has been reported:

| Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka
| wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and
| other packages, has unknown impact and remote attack vectors.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3154

Please upgrade the included copy, and backport the changes to stable
(if necessary).

Bug#429214: [CVE-2007-3154] vulnerability in included copy of wz_tooltip
Florian Weimer wrote:
> Package: dtc-common
> Severity: grave
> Tags: security
>
> Your package seems to embed a copy of wz_tooltip, for which a security
> bug has been reported:
>
> | Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka
> | wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and
> | other packages, has unknown impact and remote attack vectors.
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3154
>
> Please upgrade the included copy, and backport the changes to stable
> (if necessary).

Ok, I'm doing it at the moment, but the problem is that I got no reply from my sponsor.

Just for your information, the wz_tooltip.js is only used when the user is logged into our control panel, so the implications for our package are quite small. Also, our package is not in stable Debian.

By the way, I'll release a new version asap, as I just said.

Thomas