Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based
groupware suite: Missing input sanitising in the spellchecker integration
may lead to the execution of arbitrary commands and a cross-site scripting
vulnerability was discovered in the login page.
For the stable distribution (lenny), these problems have been fixed in
version 1.4.004-2.dfsg-4.2.
The upcoming stable distribution (squeeze), no longer contains egroupware
packages.
We recommend that you upgrade your egroupware packages.