[CVE-2007-5091] egroupware: new upstream version 1.4.002
Bug #151492 reported by
RalfBecker
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
egroupware (Debian) |
Fix Released
|
Unknown
|
|||
egroupware (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: egroupware
The new upstream package eGroupWare-1.4.002 contains beside many bugfixes also a fix for a XSS problem, which is unfixed in your existing eGroupWare 1.2 packages. The new version also fixes all of your reported bugs for eGW. Unfortunately the former version 1.4.001 was to late for Debian 4.0 and the 1.2 (you also include so far) does not play well with php5 or postgres8. Therefore it was decided to completely drop eGroupWare from Debian 4.0 and is now sitting forever in experimental :-( The debian changelog of 1.4.002 contains links to the eGW svn containing the patch for the XSS problem, which can also be applied to 1.2 versions.
CVE References
Changed in egroupware: | |
status: | New → Confirmed |
Changed in egroupware: | |
status: | Unknown → Fix Released |
Changed in egroupware: | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
What do we (eGroupWare project) need to do, to get our current stable release into Ubuntu again?
Ralf