On Fri, Nov 25, 2011 at 7:04 PM, Fabian Linzberger <e...@lefant.net> wrote: > > A directory traversal vulnerability in yaws has been discovered and > disclosed at [1]. > > At least the version of yaws currently in sid (1.91) is affected. One > can reproduce the issue by running: > > curl 'http://localhost:8080/..\\..\\..\\..\\/etc/passwd'
The bug is reproducible... So, I'll try to look into it also. Cheers! -- Sergei Golovan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org