notfound 608822 0.7.7+dfsg-1
thanks

Hello again,

Moritz Muehlenhoff [2011-01-03 19:11 +0100]:
> there's been an advisory on calibre. I'm not sure, whether it
> actually applies to the Debian package, is the content server
> distributed in the Debian package? Please check.
>
> http://www.waraxe.us/advisory-77.html

I checked both vulnerabilities, and cannot reproduce either of them in
the 0.7.7 version that current testing has. The "browse" module doesn't
exist at all (for the XSS), and no matter which path I request for the
path traversal, in this version it already only searches in the static
contents dir.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)