tags 401614 moreinfo
thanks
Florian Weimer wrote:
> Package: serendipity
> Tags: security
> Severity: grave
> Version: 1.0.3-4
>
> Version 1.0.4 fixes a directory traversal security bug. Please
> mention the ID CVE-2006-6242 in your upload.
I'm not sure that it does. The changelog of that version is actually two
items, one of which is about a security issue:
  * Fix local file inclusion bug on systems with two conditions:
    register_globals=on AND missing .htaccess for restricting access to
    .inc.php files. (garvinhicking)
This is not a directory traversal. Are you perhaps referring to
something else?
Regarding the issue as mentioned in the changelog: that is an issue in an
unsupported configuration. It would therefore not be release critical.
> If you want to apply a patch, this seems to be upstream trunk revision
> 1528, but it's better to check that with upstream.
Thanks, I will see if it will be necessary and desirable to upload this
new release.
Thijs