Installed cgiemail 1.6-9 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 13 Jan 2002 21:43:54 -0500
Source: cgiemail
Binary: cgiemail
Architecture: source i386
Version: 1.6-9
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Thomas Smith <tgs@debian.org>
Description:
cgiemail - CGI Form-to-Mail converter
Changes:
cgiemail (1.6-9) unstable; urgency=high
.
* Fixed one of two major security holes. I am going to orphan the package
now, because I am not up to fixing the other one. Fixed one is line 185
of cgilibcso.c, and I am not sure if I got it quite right (it should be
safe though). Unfixed one is that attackers can read your cgi scripts,
which may contain sensitive data.
* This is all Bug#129104, but it does not close it as there is the other
hole.
Files:
640435d741ec2c7d0fccbf2c3c2a26eb 563 web optional cgiemail_1.6-9.dsc
5a39f3b5615296ac833952cab01ab747 10251 web optional cgiemail_1.6-9.diff.gz
d39cc6d474e3172bc4c02b71bb83ff49 28544 web optional cgiemail_1.6-9_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
iEYEARECAAYFAjxCSIwACgkQ/xuE/qyrqB57UQCgztr5UMTJZN8FIAm6j1Mugxsw
/QkAoLhetQZubVKKlSSXKovjI8tABXRR
=M7Q/
-----END PGP SIGNATURE-----
Installed:
cgiemail_1.6-9.diff.gz
to pool/main/c/cgiemail/cgiemail_1.6-9.diff.gz
cgiemail_1.6-9.dsc
to pool/main/c/cgiemail/cgiemail_1.6-9.dsc
cgiemail_1.6-9_i386.deb
to pool/main/c/cgiemail/cgiemail_1.6-9_i386.deb
Reply to: