On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote:
> Pierre,
> The bug in download.php is still there in lenny, why did you close
> the bug?
Hi James,
I closed the bug because the advisory [1] stated 1.02 while Lenny
version is 1.01.
Additionally, this injection does not work here:
On Wed, 17 Jun 2009, Pierre Chifflier wrote:
> On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote:
>> Pierre,
>> The bug in download.php is still there in lenny, why did you close
>> the bug?
> Hi James,
> I closed the bug because the advisory [1] stated 1.02 while Lenny
> version is
Hi Pierre,
Pierre Chifflier wrote:
> I closed the bug because the advisory [1] stated 1.02 while Lenny
> version is 1.01.
This doesn't imply that 1.01 isn't affected.
Cheers,
Giuseppe.
On Wednesday 17 June 2009 15:25:57 Giuseppe Iuculano wrote:
> Hi Pierre,
> Pierre Chifflier wrote:
>> I closed the bug because the advisory [1] stated 1.02 while Lenny
>> version is 1.01.
> This doesn't imply that 1.01 isn't affected.
I fully agree, but you should quote correctly:
Pierre Chifflier wrote:
> I fully agree, but you should quote correctly:
> --8-
> Additionally, this injection does not work here:
> http://xxx.xxx.xxx.xxx/ocsreports/download.php?n=1dl=2o=3v=4%27union+all+select+concat(id,
> %27:%27,passwd)+from+operators%23
Pierre,
The bug in download.php is still there in lenny, why did you close the bug?
--
# TRS-80 trs80(a)ucc.gu.uwa.edu.au #/ Otherwise Bub here will do \
# UCC Wheel Member http://trs80.ucc.asn.au/ #| what squirrels do best |
[ There's nobody getting rich writing
Package: ocsinventory-server
Severity: serious
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for OCS Inventory NG:
SA35311[0]:
Description:
Nico Leidecker has discovered a vulnerability in OCS Inventory NG, which can be
fixed 531735 1.02.1-1
tags 531735 lenny patch
thanks
Giuseppe Iuculano wrote:
> The vulnerability is confirmed in version 1.02.1. Other versions may also be
> affected.
This was wrong, 1.02.1 is not vulnerable.
Patch: