On Sat, Aug 04, 2018 at 09:16:08AM +0200, Landry Breuil wrote:
> And it is fixed by the update, which returns a 400 error code now.
Thanks for testing, committed now.
On Sat, Aug 04, 2018 at 09:10:09AM +0200, Landry Breuil wrote:
> On Fri, Aug 03, 2018 at 10:45:46PM +0200, Klemens Nanni wrote:
> > 1.2.1 fixes a directory traversal bug:
> > https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
>
> I've tried exploiting the bug locally and didnt manage
On Fri, Aug 03, 2018 at 10:45:46PM +0200, Klemens Nanni wrote:
> 1.2.1 fixes a directory traversal bug:
> https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
I've tried exploiting the bug locally and didnt manage to read files
from /var/www, but whatever. cgit still works with the
1.2.1 fixes a directory traversal bug:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
While here:
* in README refer to an installed manual page instead of the
online version
* use simpler and AF agnostic httpd.conf(5) syntax in our example
I'd be happy to hear feedback from