Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server.
Debian Security Advisory DSA-4582-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
December 13, 2019 https://www.debian.org/security/faq
Package : davical
CVE ID : CVE-2019-18345 CVE-2019-18346 CVE-2019-18347
Debian Bug : 946343
Multiple cross-site scripting and cross-site request forgery issues were
discovered in the DAViCal CalDAV Server.
For the oldstable distribution (stretch), these problems have been fixed
in version 1.1.5-1+deb9u1.
For the stable distribution (buster), these problems have been fixed in
We recommend that you upgrade your davical packages.
For the detailed security status of davical please refer to
its security tracker page at:
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/