On Mon, 13 Jul 2009 14:28:30 +0200 Nico Golde <n...@debian.org> wrote:
> * Gerfried Fuchs <rho...@deb.at> [2009-07-13 14:17]:
> > * Benjamin Bannier <benjamin.bann...@netronaut.de> [2009-07-10 17:14:45 CEST]:
> > > thanks for your quick response.
> > >
> > > I see roundcube-0.1.1-10~bpo40+2 still in backports. I presume
> > > this doesn't include the patch to fix this specific issue.
> >
> > Erm, are you sure? According to Nico it was fixed in 0.1.1-9 which
> > is older than 0.1.1-10. I'm now pretty puzzled about the whole fuzz
> > and the issue at hand?
>
> I checked the package of backports and the issue you are
> reporting seems indeed to be fixed. Do you have any evidence
> that this or a similar issue is being exploited on your
> system?

Sorry for not answering earlier, I was struggling with this bugzilla interface and my message didn't go through.

I see the exact same issue: somebody accessing roundcube's html2text with POSTs, and files are being uploaded (to /dev/shm in this particular case). And I also have no idea how they start their programs (a process "httpd" run by www-data that we caught quickly with tiger, since on Debian we call it apache2).

Benjamin
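A defender-side check for the pattern Benjamin reports above (POST requests hitting roundcube's html2text script), as an added Python example that is not part of the original thread. The Apache combined-format log lines are constructed, the `/roundcube/bin/html2text.php` path is assumed, and the client addresses are documentation ranges.

```python
import re
from collections import Counter

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jul/2009:14:01:02 +0200] "GET /roundcube/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Jul/2009:14:01:09 +0200] "POST /roundcube/bin/html2text.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Jul/2009:14:02:31 +0200] "POST /roundcube/bin/html2text.php HTTP/1.0" 200 91 "-" "-"
198.51.100.7 - - [13/Jul/2009:14:02:33 +0200] "POST /roundcube/bin/html2text.php HTTP/1.0" 200 91 "-" "-"
192.0.2.9 - - [13/Jul/2009:14:05:00 +0200] "GET /roundcube/bin/html2text.php HTTP/1.1" 403 0 "-" "curl/7.18"
"""

# Minimal parser for the combined log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_html2text_posts(log_text):
    """Return every request that POSTs to a path containing 'html2text'.

    Normal webmail use of roundcube 0.1.1 does not POST to this helper script
    directly, so any hit is worth a closer look (assumption: no local customisation).
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and "html2text" in rec["path"].lower():
            hits.append(rec)
    return hits


def posts_per_ip(log_text):
    """Count suspicious html2text POSTs per client address, for triage ordering."""
    return Counter(h["ip"] for h in find_html2text_posts(log_text))


if __name__ == "__main__":
    for ip, n in posts_per_ip(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} POST(s) to html2text")
```

Pair the log check with a look for unexpected files under /dev/shm and for processes named httpd owned by www-data, the two other signs mentioned in the message.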