webcalendar -- missing input sanitising

2007-04-22T00:00:00
ID DSA-1279
Type debian
Reporter Debian
Modified 2007-04-22T00:00:00

Description

It was discovered that WebCalendar, a PHP-based calendar application, performs insufficient sanitising in the exports handler, which allows injection of web script.

For the old stable distribution (sarge) this problem has been fixed in version 0.9.45-4sarge7.

The stable distribution (etch) no longer contains WebCalendar packages.

For the unstable distribution (sid) this problem has been fixed in version 1.0.5-2.

We recommend that you upgrade your webcalendar package.