* Nico Golde:
> CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in
> Frederico ...)
> - moin 1.5.8-4.1 (unimportant; bug #429205)
> - knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
> - karrigell <unfixed> (unimportant; bug #429207)
> NOTE: This is only exploitable on NTFS filesystems
> NOTE: Given the state of Linux' NTFS support it seems highly unlikely
> NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
> NOTE: web server with NTFS
> TODO: Check, whether NTFS on Linux is affected at all, I doubt so
>
> The TODO and NOTES do not belong to this CVE but I don't want to remove them
> since they might be missing somewhere else. Anyone knows where they belong to?
I think the notes apply to the embedded copy of FckEditor. But there is something that doesn't make much sense -- how can client-side Javascript result in this bug?

