egroupware - programming errors

Several vulnerabilities have been discovered in egroupware, a
web-based groupware suite. The Common Vulnerabilities and Exposures
project identifies the following problems:

• CVE-2005-0870
  Maksymilian Arciemowicz discovered several cross site scripting
  problems in phpsysinfo, which are also present in the imported
  version in egroupware and of which not all were fixed in
  DSA 724.
• CVE-2005-2600
  Alexander Heidenreich discovered a cross-site scripting problem in
  the tree view of FUD Forum Bulletin Board Software, which is also
  present in egroupware and allows remote attackers to read private
  posts via a modified mid parameter.
• CVE-2005-3347
  Christopher Kunz discovered that local variables get overwritten
  unconditionally in phpsysinfo, which are also present in
  egroupware, and are trusted later, which could lead to the
  inclusion of arbitrary files.
• CVE-2005-3348
  Christopher Kunz discovered that user-supplied input is used
  unsanitised in phpsysinfo and imported in egroupware, causing a
  HTTP Response splitting problem.

The old stable distribution (woody) does not contain egroupware packages.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.0.007-2.dfsg-2sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.0.009.dfsg-3-3.

We recommend that you upgrade your egroupware packages.