Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors. Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox". Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
i'm looking into adding lurker 2.1 now.
setting status
lurker 2.x has changed substantially from 1.x. I am VERY short of time right now so I'm going to have to leave it till tomorrow (another 14 hours or so). If someone else from netmail wants to do this then feel free, but I'm snowed under with work right now.
ok, new lurker version added as 2.1. over to you security, feel free to remove 1.3 from the tree
was never stable, no glsa -> done. I'll see if i can ping someone in IRC to remove 1.3.