On Thursday, 14 July 2005 16:15, Joey Hess wrote: > Package: phppgadmin > Severity: serious > Tags: security > > Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 > allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded > dot dot) sequences in the formLanguage parameter. > > -- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2256 Thank you for the report, I'm aware and will provide a fixed 3.5.2 package for Sarge. I'll wait until 3.5.4 (which will be released really soon) for Sid.
Best regards -- Isaac Clerencia at Warp Networks, http://www.warp.es Work: <[EMAIL PROTECTED]> | Debian: <[EMAIL PROTECTED]>
pgpB7pjgJpq4i.pgp
Description: PGP signature
