Package: twiki
Version: 1:4.0.5-9.1
Severity: important

This may have a security impact, however rather limited, IMHO.

In apache.conf, configure access is granted to 
Allow from 127.0.0.1, 192.168.1.10

However, I see no reason, in general, for 192.168.1.10 (I know it was in
twiki's upstream .htaccess)... which may not be suited for every network
setup :(

At least this is a local address, so no real risk vs sites on the
Internet.

Hope this helps,

Best regards,

P.S.: it seems to me that Apache doesn't use commas for separating
addresses in an Allow directive
(http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) but I'm
not quite sure... and anyway, there will be only 127.0.0.1 in the end I
suppose.


-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages twiki depends on:
ii  apache-common                 1.3.34-4   support files for all Apache webse
ii  apache2.2-common              2.2.3-3.3  Next generation, scalable, extenda
ii  debconf [debconf-2.0]         1.5.11     Debian configuration management sy
ii  libalgorithm-diff-perl        1.19.01-2  a perl library for finding Longest
ii  libcgi-session-perl           4.14-1     Persistent session data in CGI app
ii  libdigest-sha1-perl           2.11-1     NIST SHA-1 message digest algorith
ii  liberror-perl                 0.15-8     Perl module for error/exception ha
ii  libhtml-parser-perl           3.55-1     A collection of modules that parse
ii  liblocale-maketext-lexicon-pe 0.62-1     Lexicon-handling backends for "Loc
ii  libtext-diff-perl             0.35-2     Perform diffs on files and record 
ii  liburi-perl                   1.35-2     Manipulates and accesses URI strin
ii  perl [libmime-base64-perl]    5.8.8-7    Larry Wall's Practical Extraction 
ii  perl-modules [libnet-perl]    5.8.8-7    Core Perl modules
ii  rcs                           5.7-18     The GNU Revision Control System

twiki recommends no packages.

-- debconf information excluded
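
An added example, not part of the original report or of the twiki package: a small Python check that scans Apache 2.2-style configuration text for `Allow from` entries that are not loopback addresses or that carry a trailing comma. The sample configuration and the function name `audit_allow_lines` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the directive quoted in the report; the
# <FilesMatch> wrapper and Order/Deny lines are assumptions for illustration.
SAMPLE_CONF = """\
<FilesMatch "^configure.*">
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1, 192.168.1.10
</FilesMatch>
"""

ALLOW_RE = re.compile(r"^\s*Allow\s+from\s+(.+)$", re.IGNORECASE)


def audit_allow_lines(conf_text):
    """Return (line_no, token, problem) tuples for questionable Allow entries."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        match = ALLOW_RE.match(line)
        if not match:
            continue
        # The mod_authz_host documentation lists hosts separated by whitespace.
        for token in match.group(1).split():
            if token.lower() == "all":
                findings.append((line_no, token, "allows-all"))
                continue
            if token.lower().startswith("env="):
                continue
            host = token.rstrip(",")
            if host != token:
                findings.append((line_no, token, "comma-separator"))
            try:
                net = ipaddress.ip_network(host, strict=False)
            except ValueError:
                # Hostname, domain suffix or partial IP: needs manual review.
                findings.append((line_no, host, "not-a-full-address"))
                continue
            if not net.is_loopback:
                findings.append((line_no, host, "non-loopback-address"))
    return findings


if __name__ == "__main__":
    for line_no, token, problem in audit_allow_lines(SAMPLE_CONF):
        print(f"line {line_no}: {token!r}: {problem}")
```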

