Roland Mas wrote:
> Bernhard R. Link <[EMAIL PROTECTED]> found a remote shell code
> injection vulnerability bug in the CVS browsing interface of Gforge,
> as used on Alioth and packaged in gforge-plugin-scmcvs. A specially
> crafted URL could execute arbitrary commands as the www-data user, as
> demonstrated by the following example:
Which version will fix this in unstable?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
