On Jun 7, 2006, at 5:08 AM, David Gil wrote:
severity 370576 minor
thanks
Thanks...
On Tue, 06-06-2006 at 13:01 -0400, Kevin Johnson wrote:
I have to disagree with the Severity of grave. To exploit you need
to have register_globals set to on which has not been the default in
years.
Ok, now the bug has a minor severity. You are right, base is not
exploitable with the default installation of the package.
We have released 1.2.5 which fixes the issue and a number of
other things.
Yes, I am aware of it. We'll upload it in a few days. I've submitted
the bug report to inform the security team (the testing distribution
also has base 1.2.4) and to explain in more depth the changes in the
1.2.5 changelog.
Great... I appreciate it...
It just gets under my skin when "researchers" find
problems, elevate how serious they are and never notify the
development team.
Well, I don't understand you, Kevin. I know you are subscribed to the
package tracking system of acidbase, so I know that you receive all
the bugs submitted to the package too. If you don't agree with the
severity of a bug, you can always change it as I've just done.
Sorry this was not meant toward you. I was speaking of St0ke and
Milw0rm. I apologize for venting at you and the bug tracking
system. As to changing the severity, I forgot. We have been busy
around here since my new daughter arrived Monday.
Sorry for my rant,
Kevin
Regards,
David.
Thanks
Kevin
---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!