[kronolith2] [CVE-2008-1974] cross site scripting
Bug #227291 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kronolith2 (Debian) |
Fix Released
|
Unknown
|
|||
kronolith2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hardy |
Won't Fix
|
Undecided
|
Unassigned | ||
Intrepid |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: kronolith2
References:
DSA-1560-1 (http://
Quoting:
»"The-0utl4w" discovered that the Kronolith, calendar component for
the Horde Framework, didn't properly sanitise URL input, leading to
a cross-site scripting vulnerability in the add event screen.«
CVE References
Changed in kronolith2: | |
status: | Unknown → Fix Released |
Changed in kronolith2: | |
status: | New → Fix Released |
To post a comment you must log in.
Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.