====================================================================

                                    CERT-Renater

                          Note d'Information No. 2012/VULN199
____________________________________________________________________

DATE                : 25/04/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running WebCalendar versions prior to 1.2.5.

======================================================================
http://sourceforge.net/mailarchive/message.php?msg_id=28915339
______________________________________________________________________

WebCalendar 1.2.5 has been released. This is the latest production
release of WebCalendar and all users are encouraged to upgrade.
Instruction on upgrading can be found in the UPGRADING.html file
(or view it here
<http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/UPGRADING.html?pathrev=REL_1_2>)
included in the release.

Overview of changes:

What's New in WebCalendar 1.2.5:

Version 1.2.5 (29 Feb 2012)
 - Fixes for various security vulnerabilities include LFI (local
file inclusion), XSS (cross site scripting) and others.
 - Updated translations: German, German-utf8, Dutch, Dutch-utf8
 - Misc. minor bug fixes

For a more detailed list (that includes specific bugs fixed), please
look at the ChangeLog file:

http://webcalendar.cvs.sourceforge.net/*checkout*/webcalendar/webcalendar/ChangeLog?&pathrev=REL_1_2

======================================================================

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================