Debian Security Advisory

DSA-2013-1 egroupware -- several vulnerabilities

Date Reported:
11 Mar 2010
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 573279.
More information:

Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands, and a cross-site scripting vulnerability was discovered in the login page.

For the stable distribution (lenny), these problems have been fixed in version 1.4.004-2.dfsg-4.2.

The upcoming stable distribution (squeeze) no longer contains egroupware packages.

We recommend that you upgrade your egroupware packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.