Moritz Muehlenhoff, 2007-05-21 14:26:38 +0200 :
Roland Mas wrote:
I'd like to upload a fixed package to sid and etch-security (sarge
is not affected). I'd welcome feedback on the patch
I only had a brief look at it, but I generally recommend to identify
a set of allowed and known to be
Roland Mas wrote:
Bernhard R. Link [EMAIL PROTECTED] found a remote shell code
injection vulnerability bug in the CVS browsing interface of Gforge,
as used on Alioth and packaged in gforge-plugin-scmcvs. A specially
crafted URL could execute arbitrary commands as the www-data user, as
Roland Mas wrote:
[Cc:ing bug discoverer and Alioth admins]
Bernhard R. Link [EMAIL PROTECTED] found a remote shell code
injection vulnerability bug in the CVS browsing interface of Gforge,
as used on Alioth and packaged in gforge-plugin-scmcvs. A specially
crafted URL could execute
Roland Mas wrote:
I'd like to upload a fixed package to sid and etch-security (sarge
is not affected). I'd welcome feedback on the patch
I only had a brief look at it, but I generally recommend to identify
a set of allowed and known to be secure characters and only allow
these instead of
This one time, at band camp, Moritz Muehlenhoff said:
Roland Mas wrote:
I'd like to upload a fixed package to sid and etch-security (sarge
is not affected). I'd welcome feedback on the patch
I only had a brief look at it, but I generally recommend to identify
a set of allowed and known
Moritz Muehlenhoff wrote:
Roland Mas wrote:
[Cc:ing bug discoverer and Alioth admins]
Bernhard R. Link [EMAIL PROTECTED] found a remote shell code
injection vulnerability bug in the CVS browsing interface of Gforge,
as used on Alioth and packaged in gforge-plugin-scmcvs. A specially
* Roland Mas [EMAIL PROTECTED] [070521 17:04]:
I only had a brief look at it, but I generally recommend to identify
a set of allowed and known to be secure characters and only allow
these instead of filtering potential malicious characters. So, if
the value to be sanitised is a file name
7 matches
Mail list logo
