Bug#330733: twiki: INCLUDE function allows arbitrary shell command execution

2005-10-04 Thread Sven Dowideit
Yes, definitely I have not found any way to exploit the debian package using any thus far found methods. Florian's patch gets in the way every time :) Sven micah wrote: > > Does this mean that the twiki (20040902-3) in Debian is not vulnerable > and t

Bug#330733: twiki: INCLUDE function allows arbitrary shell command execution

2005-10-04 Thread micah
Does this mean that the twiki (20040902-3) in Debian is not vulnerable and this bug report can be closed? Micah Sven Dowideit wrote: > while I think it's very reasonable for you to send along these > advisories, and even doing so as a BTS bug without

Bug#330733: twiki: INCLUDE function allows arbitrary shell command execution

2005-10-04 Thread Sven Dowideit
while I think it's very reasonable for you to send along these advisories, and even doing so as a BTS bug without testing them I think it's incredibly rude to do so without saying that you have not tested it out. please, if you enter a bug report, tell

Bug#330733: twiki: INCLUDE function allows arbitrary shell command execution

2005-10-03 Thread micah
Sven, I have not attempted to reproduce this in the debian package, I'm tracking known vulnerabilities with the testing-security team. When I see a new CVE id assigned to a package and no bugs filed on that package regarding that CVE, and no entries i

Bug#330733: twiki: INCLUDE function allows arbitrary shell command execution

2005-09-29 Thread Sven Dowideit
excellent. Micah, did you manage to reproduce this in the debian package at all? you see, the debian package is significantly more secure than the upstream version, and as you've marked it as grave, I presume that you have found a way to make it happ

Bug#330733: twiki: INCLUDE function allows arbitrary shell command execution

2005-09-29 Thread Micah Anderson
Package: twiki Version: 20040902-3 Severity: grave Tags: security Justification: user security hole A new security bug in twiki showed up today: http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude An attacker is able to execute arbitrary shell commands with the privileges