severity 370576 minor
thanks

On Tue, 06-06-2006 at 13:01 -0400, Kevin Johnson wrote:
> I have to disagree with the Severity of grave. To exploit you need
> to have register_globals set to on which has not been the default in
> years.

Ok, now the bug has a minor severity. You are right, base is not exploitable with the default installation of the package.

> We have released 1.2.5 which fixes the issue and a number of
> other things.

Yes, I am aware of it. We'll upload it in a few days. I've submitted the bug report to inform the security team (the testing distribution also has base 1.2.4) and to explain in more depth the changes in the 1.2.5 changelog.

> It just gets under my skin when "researchers" find
> problems, elevate how serious they are and never notify the
> development team.

Well, I don't understand you, Kevin. I know you are subscribed to the package tracking system of acidbase, so I know that you receive all the bugs submitted to the package too. If you don't agree with the severity of a bug, you can always change it as I've just done.

> Sorry for my rant,
> Kevin

Regards,
David.