tags 646675 + patch
thanks

OoO Shortly before the start of the afternoon of Wednesday, 26 October 2011, around 13:07, Philipp Kern <pk...@debian.org> said:

>> severity 646675 important
>> thanks

> am I the only one who has insanely loud alarm bells when reading his report,
> the ticket and everything?

> It includes a foreign site and we can be happy that suhosin blocks it. (I'm
> working from the information in the roundcube ticket[0]. I didn't investigate
> it myself.) But suhosin is not the default?

Yes, the problem seems pretty severe. I am unable to reproduce it, even
with the conditions listed in the ticket [0]. The ticket is not marked
as fixed but the patch has been applied [1]. 0.6 does not seem
vulnerable, only 0.5.4 and older.

Ingo, you reported the bug against 0.6. Is it really the version that is
affected by the problem? It seems already patched.

[0]: http://trac.roundcube.net/ticket/1488086
[1]: http://trac.roundcube.net/changeset/5222
--
Vincent Bernat ☯ http://vincent.bernat.im

die_if_kernel("Penguin instruction from Penguin mode??!?!", regs);
        2.2.16 /usr/src/linux/arch/sparc/kernel/traps.c