Package: mediatomb-daemon Version: 0.12.1-4 Severity: grave Tag: security This is a regression of the bug that was fixed in #580120, but somehow the patch applied got revert. Anyone can list and download all the file accessible to the mediatomb user via the daemon web interface, which is binded to 0.0.0.0
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120 -- Olivier LĂȘ Thanh Duong <oliv...@lethanh.be>