Moritz Muehlenhoff wrote: > Roland Mas wrote: > > [Cc:ing bug discoverer and Alioth admins] > > > > Bernhard R. Link <[EMAIL PROTECTED]> found a remote shell code > > injection vulnerability bug in the CVS browsing interface of Gforge, > > as used on Alioth and packaged in gforge-plugin-scmcvs. A specially > > crafted URL could execute arbitrary commands as the www-data user, as > > demonstrated by the following example: > > Joey, please assign a CVE ID. I'll release the update today.
Please use CVE-2007-0246. Regards, Joey -- Every use of Linux is a proper use of Linux. -- Jon 'maddog' Hall -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]