Proposed stupid-patch for the testing distribution.
If there isn't an apex in the supplied argument, it's impossible to modify
the SQL query.
Bye,
Gerardo
diff -Nru /tmp/4fCGVl7C4o/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c
/tmp/pjjbxPhZcv/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c
The patch provided contains an error. The line to add is:
if (strpos($lang_conf, "..")!==false) die("Invalid language file");
Bye,
Gerardo
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package: eskuel
Version: 1.0.5-3
Severity: critical
Tags: security patch
Justification: causes serious data loss
It's possible to read any file on the system.
File: include/functions.inc.php
Vulnerable function: select_lang_config()
Vulnerable code:
[...]
$lang_config_cookie = (isset($HTTP_COOKIE
Patch for sid attached.
Gerardo
diff -Nru /tmp/K6tJKUUwAx/xine-lib-1.0/src/input/librtsp/rtsp.c
/tmp/ljlLpb7MdV/xine-lib-1.0/src/input/librtsp/rtsp.c
--- /tmp/K6tJKUUwAx/xine-lib-1.0/src/input/librtsp/rtsp.c 2004-07-25
19:13:54.0 +0200
+++ /tmp/ljlLpb7MdV/xine-lib-1.0/src/input/lib
Patch attached, based on FreeBSD one.
Bye,
Gerardo
--- heimdal-0.6.3/appl/telnet/telnet/telnet.c.orig 2002-05-03
12:19:43.0 +0200
+++ heimdal-0.6.3/appl/telnet/telnet/telnet.c 2005-04-21 01:07:40.854403312
+0200
@@ -1294,6 +1294,7 @@
unsigned char slc_reply[128];
+unsigned ch
I think that the best solution is to put a "chmod" after:
/usr/bin/touch $new_mldonkey_dir/downloads.ini
in "mldonkey-server.postinst".
Bye
Gerardo
6 matches