On Tue, Jun 28, 2005 at 12:14:13PM +0200, Thijs Kinkhorst wrote: > On Tue, June 14, 2005 16:27, Thijs Kinkhorst wrote: > > I also cannot reproduce any exploit with points 1,2. Given that the full > > upstream fix has been backported to Debian, and also considering the > > quality of the referenced report, I think it's safe to say that this > > vulnerability is indeed fixed. > > If someone can provide testcases for these vulnerabilities, that would be > very helpful since we've been unable to reproduce.
I just tried plain upstream 2.0.14, and with point 2 the output was seriously mangled, but not vulnerable or something (no html meta characters). Point 1 remains unclear what actually the problem is, point 3 is still not a vulnerability in my opinion. --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
