severity 401614 normal tags 401614 -moreinfo thanks Florian Weimer wrote:
> Version 1.0.4 fixes a directory traversal security bug. Please > mention the ID CVE-2006-6242 in your upload. > > If you want to apply a patch, this seems to be upstream trunk revision > 1528, but it's better to check that with upstream. I've checked the full diff and this indeed can be turned into a path traversal; sorry for the confusion earlier. However, it's still a clearly unsupported configuration, so I'm downgrading to normal. I'll still upload the new version, but probably not at high urgency, because we should ofcourse try to prevent people from shooting themselves in the foot wherever we can. Thanks for the note. Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]