Ubuntu
webcalendar package

removal: unfixed security vulnerabilities

Bug #92402 reported by Kees Cook on 2007-03-15

256

Affects		Status	Importance	Assigned to	Milestone
	webcalendar (Ubuntu)	Fix Released	Wishlist	Unassigned

Bug Description

Binary package hint: webcalendar

I would like to recommend that webcalendar be removed from feisty. It is unmaintainer upstream[1], has very unsafe configurations, open CVEs, including more recently ones that would allow full compromise of the user running webcalendar[2].

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404297
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1343

Revision history for this message

Sebastien Bacher (seb128) wrote on 2007-03-21:

webcalendar has been removed

Changed in webcalendar:
importance:	Undecided → Wishlist
status:	Unconfirmed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuwebcalendar package

removal: unfixed security vulnerabilities

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
webcalendar package