Roland Mas wrote: > Bernhard R. Link <[EMAIL PROTECTED]> found a remote shell code > injection vulnerability bug in the CVS browsing interface of Gforge, > as used on Alioth and packaged in gforge-plugin-scmcvs. A specially > crafted URL could execute arbitrary commands as the www-data user, as > demonstrated by the following example:
Which version will fix this in unstable? Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]