On Tue, 12 Sep 2006, Finn-Arne Johansen wrote:
> > Indeed, but I just generated a new version of that update since a second
> > security issue has been fixed in 2.6.19 (a directory traversal bug). I
> > also applied the fix for the "new window" function which broke due
> > to the change in the session id handling.
>
> How did that break?

I don't have time to investigate the details, I expected it to be related to a second login generating a new cookie and thus invalidating the one used by the first window.

> I'm using 2.4.7-2sarge1, and the "new window" function works as far as I
> can see.
>
> So if "new window" should fail to work because of the patch, the patch
> is not working, since "new window" works for me. I seldom use that
> function, I rather right-click and select "open in new TAB"

I don't know really. Dieter, any comment?

> > Please check out the updated package (and patch) at:
> > http://people.debian.org/~hertzog/sql-ledger/
>
> well, I do run the same version, but I guess you built a new version
> with the same version number.

Yes, I rebuilt it with the same version number.

> * Security upload.
> * Fix bad handling of sessionid: CVE-2006-4244
>   Closes: #386519

I've added this:
* Fix directory traversal security issues (backported from 2.6.19)

Cheers,
--
Raphaël Hertzog

First French book on Debian GNU/Linux:
http://www.ouaza.com/livre/admin-debian/