Debian Security Advisory 1063-1 - It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code.
f7dac0190d87de2d92872a8ed14a750a541584f1a2bf3647c72cb9bd5a4dd07e