On Saturday 26 December 2009, Giuseppe Iuculano wrote:
> CVE-2009-4412[0]:
> | Unrestricted file upload vulnerability in Serendipity before 1.5
> | allows remote authenticated users to execute arbitrary code by
> | uploading a file with an executable extension followed by a safe
> | extension, then accessing it via a direct request to the file in an
> | unspecified directory.  NOTE: some of these details are obtained from
> | third party information.

Thanks. I'm working on uploading 1.5.1 to unstable soon.

As it seems the issue can only be exploited by people who already have quite
some privileges on the blog plus the Apache MimeMagic module needs to be 
enabled.


cheers,
Thijs


