Piotr Roszatycki wrote:
> On Wednesday 16 November 2005 13:17, Martin Schulze wrote:
> > > Vuln 1:
> > > Full Path Disclosures in the following files:
> >
> > > Vuln 2:
> > > Http Response Splitting in libraries/header_http.inc.php
> >
> > Do you know if this is the same vulnerability as the first one above?
>
> The Full Path Disclosure is not fixed currently by upstream and I think it is
> not important for Debian version.
>
> I'm attaching the patch for sarge.

Thanks a lot.  I'm reviewing now.

> Additionally, I've fixed the important bug #324318. Please, include the patch
> for this bug to stable release. The patch doesn't change program
> functionality and resolves more problems with bad configuration file which are
> not reported to BTS.

Please explain why it should be fixed in stable.

Please explain why it should be fixed in a security update.

At the moment, I'm not convinced it is something else than a normal bug,
not even a critical one.

Regards,

Joey

-- 
Of course, I didn't mean that, which is why I didn't say it.
What I meant to say, I said. -- Thomas Bushnell

Please always Cc to me when replying to me on the lists.