Steve,
I just had a look at your patch and it seems to me that you just filter out
the remote command execution and not the file disclosure in Twiki.
http://security.debian.org/pool/updates/main/t/twiki/twiki_4.0.5-9.1etch1.diff.gz
The configure file is patched with this
if ( $image =~
ole:
your site itself has problems! how are you going to solve others problems?
Welcome ole! Your request has been directed to the Customer
Servicedepartment. Please wait for our operator to answer your call.
Call accepted by operator JC. Currently in room: JC. ole:
any answers?
JC:
Hello Ole