Roland Mas wrote:
> [Cc:ing bug discoverer and Alioth admins]
>
> Bernhard R. Link <[EMAIL PROTECTED]> found a remote shell code
> injection vulnerability bug in the CVS browsing interface of Gforge,
> as used on Alioth and packaged in gforge-plugin-scmcvs. A specially
> crafted URL could execute arbitrary commands as the www-data user, as
> demonstrated by the following example:
Joey, please assign a CVE ID. I'll release the update today.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
