Uploaded dwww 1.4.3-1 (source i386) to master
Here's release 1.4.3 of dwww for hamm (libc6). There is a similar
release (1.4.2) for bo (libc5).
This fixes no bugs other than one major SECURITY BUG. This bug will
let people accessing dwww execute arbitrary commands on your system as
the user the web server runs as.
Please accept my apologies.
Cheers,
- Jim
-----BEGIN PGP SIGNED MESSAGE-----
Format: 1.5
Date: Thu, 12 Feb 1998 00:51:17 -0800
Source: dwww
Binary: dwww
Architecture: source i386
Version: 1.4.3-1
Distribution: unstable
Urgency: high
Maintainer: Jim Pick <jim@jimpick.com>
Description:
dwww - Read all on-line documentation via WWW
Changes:
dwww (1.4.3-1) unstable; urgency=high
.
* Another CGI security bug that allowed execution of arbitrary
commands. I am now specifying a set of acceptable characters, rather
than excluding certain ones and using perl -T. Fixes bug #18107
(Thanks to Martin Bialasinksi)
* I know there are lots of other non-security bugs outstanding. They will
be fixed in an upcoming, more substantial release.
* libc6 version.
Files:
e83cba3dbfd7a60041e1cee122690d2a 537 doc optional dwww_1.4.3-1.dsc
94cf01040082f72bd0904a42ed75bac2 56305 doc optional dwww_1.4.3-1.tar.gz
ec46f2746ec12037327ffa7eb12d4a2f 47508 doc optional dwww_1.4.3-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBNOK4iuQz770qyIfJAQHlqwQAixxT/HlpDUYcX5mWqYZchkmcuxwSI5HT
pv+ciGYdnb9/kW30JQFj/tRVq/hoIeFX56nR6THNLOUIV+1hhbg6Gx6ii9i3iadL
Tk4Q5JGo45CwbLdVHaiJB2uO41fAgBJsjOYKSlIDBmxtdd0feDMaukfo7j5tUtWw
pPKXWbdPRh4=
=Ag6+
-----END PGP SIGNATURE-----
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-changes-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: