Secure testing team - Mar 2010 - Bug#572557: CVE-2010-0636 / CVE-2010-0637

Package: webcalendar
Severity: grave
Tags: security

A few security issues have been reported for which I cannot find any
information on the upstream website. Please investigate:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0637

On a side note: Rafael has resigned from Debian and recent bugs haven''t
been followed up. If there''s no actice maintainer team webcalendar
should
be removed.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages webcalendar depends on:
pn  apache | apache2 | apache-ssl <none>     (no description available)
pn  dbconfig-common               <none>     (no description available)
ii  debconf [debconf-2.0]         1.5.28     Debian configuration management sy
pn  libapache-mod-php4 | libapach <none>     (no description available)
pn  php4-cli | php5-cli           <none>     (no description available)
pn  php4-mysql | php4-pgsql | php <none>     (no description available)
ii  ucf                           3.0025     Update Configuration File: preserv

Versions of packages webcalendar recommends:
pn  mysql-client | postgresql-cli <none>     (no description available)
pn  mysql-server | postgresql     <none>     (no description available)

Versions of packages webcalendar suggests:
pn  php4-gd | php5-gd             <none>     (no description available)