Uploaded dwww 1.4.2-1 (source i386) to master
Here's release 1.4.2 of dwww for bo (libc5). There is a similar
release (1.4.3) for hamm (libc6).
This fixes no bugs other than one major SECURITY BUG. This bug will
let people accessing dwww execute arbitrary commands on your system as
the user the web server runs as.
Please accept my apologies.
Cheers,
- Jim
-----BEGIN PGP SIGNED MESSAGE-----
Format: 1.5
Date: Wed, 11 Feb 1998 23:22:37 -0800
Source: dwww
Binary: dwww
Architecture: source i386
Version: 1.4.2-1
Distribution: stable
Urgency: high
Maintainer: Jim Pick <jim@jimpick.com>
Description:
dwww - Read all on-line documentation via WWW
Changes:
dwww (1.4.2-1) stable; urgency=high
.
* Another CGI security bug that allowed execution of arbitrary
commands. I am now specifying a set of acceptable characters, rather
than excluding certain ones and using perl -T. Fixes bug #18107
(Thanks to Martin Bialasinksi)
* I know there are lots of other non-security bugs outstanding. They will
be fixed in an upcoming, more substantial release.
* Compiled for libc5 for bo-updates.
Files:
d71d8791c6917fbecbd538ae57b4a111 538 doc optional dwww_1.4.2-1.dsc
2c2dab438fe2e7aa24d0f8ec5adbaa5f 56437 doc optional dwww_1.4.2-1.tar.gz
6e86044a1f400ae6cf7e829ef2705a77 47450 doc optional dwww_1.4.2-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBNOK0/OQz770qyIfJAQFQCwP/TkJO6pZWzhVaABikguazjhYe0YvSeUtB
Sn+Ae9RgcPmFYzw8CY1v9WQRfLPLH8twZ0foiZlHlpD5nYELtFE5/y3EMtfEX7nV
OSSfR7Kr3eeTLnMeIgN7trWBYiFcvjgFaMYF/WSdyYPHK5lBuRgrBUB3LtdAYn4c
4/YVjioM3AI=
=O9q/
-----END PGP SIGNATURE-----
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-changes-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: