[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
gnats/contrib/gnatsweb ChangeLog gnatsweb.pl
From: |
yngves |
Subject: |
gnats/contrib/gnatsweb ChangeLog gnatsweb.pl |
Date: |
26 Jun 2001 19:13:31 -0000 |
CVSROOT: /cvs/gnats
Module name: gnats
Changes by: address@hidden 2001-06-26 12:13:31
Modified files:
contrib/gnatsweb: ChangeLog gnatsweb.pl
Log message:
(help_page): Fix a serious security hole where an attacker would be
able to read any file on the system or run any command to which the
web server process user had access to by submitting a rogue help_file
parameter in the URL. help_file is now hardcoded to 'gnatsweb.html'.
Patches:
http://sources.redhat.com/cgi-bin/cvsweb.cgi/gnats/contrib/gnatsweb/ChangeLog.diff?cvsroot=gnats&r1=2.23&r2=2.24
http://sources.redhat.com/cgi-bin/cvsweb.cgi/gnats/contrib/gnatsweb/gnatsweb.pl.diff?cvsroot=gnats&r1=2.33&r2=2.34
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- gnats/contrib/gnatsweb ChangeLog gnatsweb.pl,
yngves <=