On Sat, Dec 02, 2006 at 11:45:15PM +0100, Amaya wrote: > Stefan Fritsch wrote: > > A vulnerability has been found in twiki. See > > http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071 for > > details.
> Just for the sake of detail, your site may be vulnerable if: > 1. If you have ErrorDocument 401 set to point to the > TWikiRegistration topic (or any other TWiki topic) and > 2. You are using ApacheLogin with TWiki-4.0 and have sessions > enabled, or you are using an earlier TWiki version with > SessionPlugin, and > 3. You are running Apache 1.3 This sounds to me like it means the package is not vulnerable by default, is that correct? Should this bug be downgraded to 'important'? Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]