uploaded dwww 1.4.1-1 (m68k) to master
-----BEGIN PGP SIGNED MESSAGE-----
Format: 1.5
Date: Tue, 8 Apr 1997 12:00:21 -0700
Source: dwww
Binary: dwww
Architecture: m68k
Version: 1.4.1-1
Distribution: frozen unstable
Urgency: high
Maintainer: James Troup <jjtroup@comp.brad.ac.uk>
Description:
dwww - Read all on-line documentation via WWW
Changes:
dwww (1.4.1-1) frozen unstable; urgency=high
.
* Fixed major security flaw: dwww.cgi would accept backquotes
and '$' characters, then pass them on to bash. This enables
people to execute commands as the CGI user. Particularily
dangerous if someone configures their web server to run
CGI programs as root. dwww.cgi was modified to convert all
backquotes and dollar signs into underscores.
* dwww.cgi: don't convert '+' characters into spaces - fixes
bug #8563 (Thanks Lars Wirzenius and Joost Witteveen)
* dwwwconfig: place quotes around DWWW_SERVERTYPE in
/etc/dwww/dwww.conf to cope with server names with space
such as CERN httpd - fixes bug #8525
* /etc/cron.daily/dwww: added line to cd to /var/spool/dwww
to prevent error message that someone was having (not me)
- fixed bug #8591
Files:
d24dcc2ec5df75dc3db1640346efda46 46424 doc optional dwww_1.4.1-1_m68k.deb
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBM1FpInaw9XG4JAR1AQEE/QP/TyWV8Kwh2ZnMak+ArbkxBDYL2Pqivqon
B+xjc6T5rDEzX9x7FUFehVt3PZqI5GBRJZumPP5rxVX0XBHED0TtZCgsW6VWjZty
SSkgErqzM5jLQYhRnjNjHzlw9zn8vW+CfgTHA0dik5ZuhbMlLZL1mbZMecV447TZ
Z39liPeuR40=
=ZQDy
-----END PGP SIGNATURE-----
Reply to: