Hi Moritz,
* Moritz Muehlenhoff <jmm@inutil.org> [2007-10-22 18:12]:
> (Replying to the correct list.)
> On Mon, Oct 22, 2007 at 03:01:30PM +0200, Nico Golde wrote:
> > Hi,
> > CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...)
> > - moin 1.5.8-4.1 (unimportant; bug #429205)
> > - knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
> > - karrigell <unfixed> (unimportant; bug #429207)
> > NOTE: This is only exploitable on NTFS filesystems
> > NOTE: Given the state of Linux' NTFS support it seems highly unlikely
> > NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
> > NOTE: web server with NTFS
> > TODO: Check, whether NTFS on Linux is affected at all, I doubt so
> >
> > The TODO and NOTES do not belong to this CVE but I don't want to remove them
> > since they might be missing somewhere else. Anyone knows where they belong to?
>
> No, they're alright, see the refs in the CVE entry.

Ah thanks!

> Someone should package fckeditor and file bugs against all packages embedding it,
> though.

Yes I agree, Roland Mas filed an RFP for fckeditor since gforge also
includes this and is affected by one of the CVEs, will file bugs
if someone packaged it.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.