Piotr Roszatycki wrote:
> On Wednesday 16 November 2005 13:17, Martin Schulze wrote:
> > > Vuln 1:
> > > Full Path Disclosures in the following files:
> >
> > > Vuln 2:
> > > Http Response Splitting in libraries/header_http.inc.php
> >
> > Do you know if this is the same vulnerability as the first one above?
> 
> The Full Path Disclosure is not fixed currently by upstream and I think it is 
> not important for Debian version.
> 
> I'm attaching the patch for sarge.

Thanks a lot.  I'm reviewing now.

> Additionally, I've fixed the important bug #324318. Please, include the patch 
> for this bug to stable release. The patch doesn't change program 
> functionality and resolves more problems with bad configuration file which are 
> not reported to BTS.

Please explain why it should be fixed in stable.

Please explain why it should be fixed in a security update.

At the moment, I'm not convinced it is something else than a normal
bug, not even a critical one.

Regards,

        Joey

-- 
Of course, I didn't mean that, which is why I didn't say it.
What I meant to say, I said.              -- Thomas Bushnell

Please always Cc to me when replying to me on the lists.

