On Tue, 2008-07-22 at 20:54 +0200, Nico Golde wrote: > Hi Moritz, > * Moritz Naumann <[EMAIL PROTECTED]> [2008-07-22 20:46]: > > I'm not providing additional technical information or ways to reproduce > > this issue since - while a patch is available - I cannot verify whether > > or not there are other vulnerable installations out there. > > > > Please feel free to get in touch with me directly in 4 weeks from now > > and ask me to provide further information on this bug tracker - I'll > > happily do it then. > > Why don't you contact [EMAIL PROTECTED] with this > including further information if you don't want to disclose > them publicly here in the bts?
I don't think there are any other implementations of this script, the bug is a precaution because the script is included in the package but not actually installed into any http visible location by default. It needs to be symlinked or copied into a server location. The one publicly visible implementation that I maintain has been fixed. The fix will be included in 1.4.1 which I expect to upload tonight. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
signature.asc
Description: This is a digitally signed message part
