Hello,

The package kronolith2 has an XSS vulnerability (see #478121). Note I have private mails from upstream for coordination between vendors (I can forward these mails if you want).
I prepared fixed packages:

- Etch version (source package and debdiff):
  http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1etch1.dsc
  http://gcolpart.evolix.net/debian/kronolith2/kronolith2_2.1.4-1_2.1.4-1etch1.diff
- Sid version (source package and debdiff):
  <not yet...I'm waiting for Kronolith 2.1.8...>

*draft* of information for the advisory:

8<----------------------------------
kronolith2 -- XSS vulnerability

Date Reported: ?? Apr 2008
Affected Packages: kronolith2
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2008-????

More information:
It was discovered that Kronolith has an XSS vulnerability in the add event screen.

For the stable distribution (etch) this problem has been fixed in version 2.1.4-1etch1.
For the unstable distribution (sid) this problem *will be* fixed in version 2.1.8-1.

We recommend that you upgrade your kronolith2 package.
8<----------------------------------

Regards,
--
Gregory Colpart <[EMAIL PROTECTED]> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/