Re: WebCalendar Multiple Vulnerabilities

To: Paul Laudanski <zx@xxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx, ml@xxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, news@xxxxxxxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx
Subject: Re: WebCalendar Multiple Vulnerabilities
From: ascii <ascii@xxxxxxxxxxxx>
Date: Wed, 30 Nov 2005 15:10:41 +0100
In-reply-to: <Pine.LNX.4.44.0511292102400.15585-100000@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <Pine.LNX.4.44.0511292102400.15585-100000@xxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 1.5 (Windows/20051025)

Paul Laudanski wrote:

I too tried contacting the vendor but received no response. Your timingof vendor notice and vul'n release are fast unfortunately. Taking a look,simple functions in PHP can be called upon to fix those issues.


thanks Paul for the cooperation : )

i'm sorry i hadn't updated the advisory but now i done

* * * *

VI. VENDOR RESPONSE

We had a response from Craig Knudsen, the project leader, on 20051128
night. The same day the fast Craig resolved 3 of the 4 issues in the
REL_1_0_0 branch of CVS, so soon a new version (probably 1.0.2) will be
released to the public.

* * * *

also on the sourceforge project site there are these posts related to
this advisory (thanks Craig for the links)

http://sourceforge.net/forum/forum.php?thread_id=1392833&forum_id=11587
http://sourceforge.net/forum/forum.php?thread_id=1393468&forum_id=11587

http://sourceforge.net/mailarchive/forum.php?thread_id=9091328&forum_id=46247
http://sourceforge.net/mailarchive/forum.php?thread_id=9089995&forum_id=46247

ascii - http://www.ush.it

References:
- Re: WebCalendar Multiple Vulnerabilities
  - From: Paul Laudanski

Prev by Date: Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption
Next by Date: Re: DNS query spam
Previous by thread: Re: WebCalendar Multiple Vulnerabilities
Next by thread: Re: WebCalendar Multiple Vulnerabilities
Index(es):
- Date
- Thread