Bug#536346: scponly_4.8-1(mipsel/unstable): broken build-depends

Martin Zobel-Helas wrote: Package: scponly Version: 4.8-1 Severity: grave There was an error while trying to autobuild your package: Automatic build of scponly_4.8-1 on rem by sbuild/mipsel 99.999 Build started at 20090709-0831 [...] ** Using build dependencies supplied by package:

Bug#437148: [scponly] svn support in scponly is unsafe

On 07.09.2007, at 11:01, Joachim Breitner wrote: Hi, Am Freitag, den 07.09.2007, 10:59 +0200 schrieb Florian Weimer: * Joachim Breitner: I think mounting the file system no-exec covers that. IIRC, Subversion directly executes the hook scripts, and this will fail in that case. Then

Bug#437148: Security Hole in scponly, due to svn support

Hi Joachim, On 10.08.2007, at 19:54, Joachim Breitner wrote: Package: scponly Version: 4.6-1 X-Debbugs-CC: [EMAIL PROTECTED] Severity: grave Tags: security Hi Thomas Wana, messing around with some friends here, I tried to access his computer with only a scponly protected account. I

Bug#437148: Security Hole in scponly, due to svn support

On 02.09.2007, at 18:29, Florian Weimer wrote: * Joachim Breitner: This is an unfortunate interaction between scponly and Subversion, but not a real bug in any of the programs. The same problem arises when a scponly-restricted user uploads any form of executable contents. CGI scripts

Bug#350964: CVE-2006-0225, scponly shell command possible

Hi, Geoff Crompton wrote: Just like to bring bug #350964 back to the limelight. Briefly recapping Feb 2, I created the bug report Feb 6, unstable fixed by Thomas Feb 13 DSA 969-1 released Feb 15 I questioned if sarge fixed, Thomas, Joey and Steve respond/discuss. At the moment it looks

Bug#350964: CVE-2006-0225, scponly shell command possible

Steve Kemp wrote: On Wed, Feb 15, 2006 at 02:01:51PM +1100, Geoff Crompton wrote: This bug has been closed for unstable (see bug 350964) with the 4.6 upload, but will it be fixed for sarge? Please see DSA-969-1 released two days ago:

Bug#350964: CVE-2006-0225, scponly shell command possible

Hi, Geoff Crompton wrote: This bug has been closed for unstable (see bug 350964) with the 4.6 upload, but will it be fixed for sarge? Joey: I sent you a patch for that, but it seems you didn't include this in scponly-4.0sarge1. We also had no discussion about wether to include it or not.

Bug#344418: CVE reference

Hi, I forwarded the bug info to the security team. No word yet. Your patch for stable seems fine, but in fact there is another security hole in scponly where there is no backported patch for 4.0 yet. I wrote the scponly author about this, again, no reply. Tom Max Vozeler wrote: This is