Processed: Re: Bug#373731: squirrelmail redirect.php local file include vulnerability

2006-06-15 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: severity 373731 serious Bug#373731: squirrelmail redirect.php local file include vulnerability Severity set to `serious' from `normal' tags 373731 security confirmed upstream Bug#373731: squirrelmail redirect.php local file include vulnerability

Bug#373731: squirrelmail redirect.php local file include vulnerability

2006-06-15 Thread Thijs Kinkhorst
Hello all, up until the first nul byte. I see that the plugins[] array is actually never reset in the squirrelmail source or configuration, allowing for this kind of things. Right, I agree that the bug exists; it has been discussed on the upstream [EMAIL PROTECTED] list but I apparently

Bug#373731: squirrelmail redirect.php local file include vulnerability

2006-06-15 Thread Moritz Muehlenhoff
Thijs Kinkhorst wrote: As you might know: - the Debian 'squirrelmail' Apache configuration ships with rg disabled; - the Debian 'php4' configuration ships with rg disabled; - it is well known and well documented that enabling register_globals is a security risk. Therefore, someone who

Bug#373731: squirrelmail redirect.php local file include vulnerability

2006-06-15 Thread Thijs Kinkhorst
severity 373731 important thanks On Thu, 2006-06-15 at 14:49 +0200, Moritz Muehlenhoff wrote: I don't think this warrants a security update for stable. Thanks. I'm downgrading it to important - I expect a new upstream at the end of this month that will resolve the bug. I'll check whether or not

Processed: Re: Bug#373731: squirrelmail redirect.php local file include vulnerability

2006-06-15 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: severity 373731 important Bug#373731: squirrelmail redirect.php local file include vulnerability Severity set to `important' from `serious' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system