Debian Security Advisory 1267-1 – It was discovered that WebCalendar, a PHP-based calendar application, insufficiently protects an internal variable, which allows remote file inclusion.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/55207/dsa-1267-1.txt
Source: https://packetstormsecurity.com/files/55207/Debian-Linux-Security-Advisory-1267-1.html