On 11/02/2005-06:32, Martin Schulze wrote:
> Package: gforge
> Version: 3.1-26
> Severity: grave
> Tags: security sarge sid patch
>
> The sid/sarge version seems to be vulnerable to this. Please correct it.
> The correction should be in the GForge CVS, otherwise sanitising the dir
> should be easy (i.e. recursively strip "../").
>
> Candidate: CAN-2005-0299
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0299
>
Hi Joey,

isn't this bug a duplicate of Bug#291718, which was closed by the upload
of gforge 3.1-26?

Changelog says:

gforge (3.1-26) unstable; urgency=high

  * Disabled controller.php and controlleroo.php because of security
    risks, hence the high urgency upload (closes: #291718).

 -- Roland Mas <[EMAIL PROTECTED]>  Sun, 23 Jan 2005 12:59:25 +0100

Regards,
Julien
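
The quoted report suggests sanitising the dir by recursively stripping "../". The sketch below is an added example, not part of this thread and not GForge code. It compares a single-pass strip, the repeated strip, and (going one step beyond the report) a resolved-path containment check; all function names, the demo directory and the sample inputs are assumptions.

```php
<?php
// Added illustration. Function names and the demo directory are hypothetical,
// not GForge code.

// One pass of stripping can splice a new "../" together from what is left.
function strip_once(string $dir): string {
    return str_replace('../', '', $dir);
}

// "Recursively strip": repeat until the string stops changing.
function strip_recursive(string $dir): string {
    do {
        $prev = $dir;
        $dir  = str_replace('../', '', $dir);
    } while ($dir !== $prev);
    return $dir;
}

// Containment check: resolve the path, then require it to be the base
// directory or something below it. Returns null when it is not.
function resolve_inside(string $base, string $dir): ?string {
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $dir);
    if ($baseReal === false || $target === false) {
        return null; // nonexistent path: reject
    }
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the base directory
    }
    return $target;
}

// Constructed demo tree: <tmp>/dirdemo_xxx/docs
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('dirdemo_');
mkdir($base . DIRECTORY_SEPARATOR . 'docs', 0700, true);

// Constructed sample values for the "dir" parameter.
foreach (['docs', '../', '....//', 'docs/../..'] as $dir) {
    printf("%-12s once=%-8s recursive=%-8s inside_base=%s\n",
        var_export($dir, true),
        var_export(strip_once($dir), true),
        var_export(strip_recursive($dir), true),
        resolve_inside($base, $dir) === null ? 'no' : 'yes');
}

rmdir($base . DIRECTORY_SEPARATOR . 'docs');
rmdir($base);
```

For the last sample, stripping returns `docs/..`, which still contains a parent reference because it has no trailing slash; the resolved-path comparison does not depend on how the input is spelled.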