Hi On Sun, Jan 20, 2013 at 06:15:30PM +0100, Yves-Alexis Perez wrote: > On dim., 2013-01-20 at 13:07 +0100, Salvatore Bonaccorso wrote: > > So I have verified the following things: > > > > - The debdiff contains only the mentioned change (debdiff attached). > > > > - The patch is applied to /usr/share/ganglia-webfrontend/graph.php in > > the produced binary package ganglia-webfrontend. > > > > - If I try to exploit the argument g= passed to graph.php on a > > squeeze with installed package it does not work anymore and in logs > > I correctly notice the Error output produced by the error_log. At > > least with the obvious exploit variant. > > Can you upload to security-master? Remember to build with -sa.
Done! And thanks for your work on the Security Team! Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org