[41423] in bugtraq
Re: WebCalendar Multiple Vulnerabilities
daemon@ATHENA.MIT.EDU (ascii)
Wed Nov 30 13:57:57 2005
Message-ID: <438DB2E1.7030403@katamail.com>
Date: Wed, 30 Nov 2005 15:10:41 +0100
From: ascii <ascii@katamail.com>
MIME-Version: 1.0
To: Paul Laudanski <zx@castlecops.com>, full-disclosure@lists.grok.org.uk,
ml@sikurezza.org, bugtraq@securityfocus.com, news@securiteam.com,
bugs@securitytracker.com, vuln@secunia.com
In-Reply-To: <Pine.LNX.4.44.0511292102400.15585-100000@bugsbunny.castlecops.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Paul Laudanski wrote:
> I too tried contacting the vendor but received no response. Your timing
> of vendor notice and vul'n release are fast unfortunately. Taking a look,
> simple functions in PHP can be called upon to fix those issues.
thanks Paul for the cooperation : )
i'm sorry i hadn't updated the advisory but now i done
* * * *
VI. VENDOR RESPONSE
We had a response from Craig Knudsen, the project leader, on 20051128
night. The same day the fast Craig resolved 3 of the 4 issues in the
REL_1_0_0 branch of CVS, so soon a new version (probably 1.0.2) will be
released to the public.
* * * *
also on the sourceforge project site there are these posts related to
this advisory (thanks Craig for the links)
http://sourceforge.net/forum/forum.php?thread_id=1392833&forum_id=11587
http://sourceforge.net/forum/forum.php?thread_id=1393468&forum_id=11587
http://sourceforge.net/mailarchive/forum.php?thread_id=9091328&forum_id=46247
http://sourceforge.net/mailarchive/forum.php?thread_id=9089995&forum_id=46247
ascii - http://www.ush.it
