Moritz Muehlenhoff wrote:
> Roland Mas wrote:
> > [Cc:ing bug discoverer and Alioth admins]
> >
> > Bernhard R. Link <[EMAIL PROTECTED]> found a remote shell code
> > injection vulnerability bug in the CVS browsing interface of Gforge,
> > as used on Alioth and packaged in gforge-plugin-scmcvs. A specially
> > crafted URL could execute arbitrary commands as the www-data user, as
> > demonstrated by the following example:
>
> Joey, please assign a CVE ID. I'll release the update today.
Please use CVE-2007-0246.
Regards,
Joey
--
Every use of Linux is a proper use of Linux. -- Jon 'maddog' Hall
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
