Debian Security Advisory
DSA-2013-1 egroupware -- several vulnerabilities
- Date Reported:
- 11 Mar 2010
- Affected Packages:
- egroupware
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 573279.
- More information:
-
Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: Missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page.
For the stable distribution (lenny), these problems have been fixed in version 1.4.004-2.dfsg-4.2.
The upcoming stable distribution (squeeze), no longer contains egroupware packages.
We recommend that you upgrade your egroupware packages.
- Fixed in:
-
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2.diff.gz
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2.dsc
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-mydms_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-resources_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tracker_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sambaadmin_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-timesheet_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projectmanager_1.4.004-2.dfsg-4.2_all.deb
- http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.4.004-2.dfsg-4.2_all.deb
MD5 checksums of the listed files are available in the original advisory.