@Jonas: Upstream seems to be based on the following sources: http://www.tntnet.org/download/tntnet-2.0.tar.gz
The default configuration in this packages is not xml format and therefor different to the one where all the patches in the existing tntnet source deb package were built on. I chose to adjust the existing patches in the most possible minor way. We also thought this would still expose the systems files if an attacker would use URLs like "/../../etc/passwd", but found no way to get it working, tntnet always returned "error". -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1430750 Title: Insecure Default Config leads to security issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tntnet/+bug/1430750/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
