Debian Security Advisory 1279-1 - It was discovered that WebCalendar, a PHP-based calendar application, performs insufficient sanitizing in the exports handler, which allows injection of web script.
43b62b4c0462e8e27a3f7ea4d3ef33345bfe580ee6b79f2440ee99a38ce680ac