It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code. For the old stable distribution (woody) this problem has been fixed in version 0.9.14-0.RC3.2.woody6. For the stable distribution (sarge) this problem has been fixed in version 0.9.16.005-3.sarge5. For the unstable distribution (sid) this problem has been fixed in version 0.9.16.009-1. We recommend that you upgrade your phpgroupware packages.
It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code.
For the old stable distribution (woody) this problem has been fixed in version 0.9.14-0.RC3.2.woody6.
For the stable distribution (sarge) this problem has been fixed in version 0.9.16.005-3.sarge5.
For the unstable distribution (sid) this problem has been fixed in version 0.9.16.009-1.
We recommend that you upgrade your phpgroupware packages.
MD5 checksums of the listed files are available in the original advisory.