Package: sql-ledger
Version: 2.6.22-1
Severity: important
Tags: security

Hi.

Maybe sql-ledger is affected by CVE-2007-0667.
Description:
Separate from CVE-2006-5872, there is a possibility of causing arbitrary code execution during redirects. This requires a valid login to exploit and was discovered and brought to the attention of both the SQL-Ledger and LedgerSMB team in November. LedgerSMB 1.1.5 corrected the problem, but it is still not corrected in SQL-Ledger.

Reference:
http://www.frsirt.com/english/advisories/2007/0407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0667

Note: Please mention the CVE id in the changelog.

Thanks in advance.

regards,
--
Alex de Oliveira Silva | enerv
www.enerv.net