Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 12 Feb 2012 10:17:46 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-request: Webcalendar 1.2.4 location XSS

On Sat, Feb 11, 2012 at 11:04:19PM -0500, Eitan Adler wrote:
> On Sat, Feb 11, 2012 at 11:41 AM, Henri Salo <henri@...v.fi> wrote:
> > This seems to be missing 2012 CVE.
> >
> > Original report: http://seclists.org/bugtraq/2012/Jan/128
> > Project page: https://sourceforge.net/projects/webcalendar/
> > Version affected: 1.2.4 (the newest)
> 
> So far as I could see the newest version is 1.2.3
> (http://sourceforge.net/projects/webcalendar/?source=directory and
> http://www.k5n.us/webcalendar.php?topic=News don't list 1.2.4)

Page http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/ lists 1.2.4 version. I have no idea why the other page doesn't list it at all. No reply to bug-report: http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870 and only thing I found strange in the report is "Version: 1.2.5" as there isn't such available. I can verify this advisory if you want.

- Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.