Hi Neil, * Neil Williams <[EMAIL PROTECTED]> [2008-07-23 00:20]: > On Tue, 2008-07-22 at 20:54 +0200, Nico Golde wrote: > > * Moritz Naumann <[EMAIL PROTECTED]> [2008-07-22 20:46]: > > > I'm not providing additional technical information or ways to reproduce > > > this issue since - while a patch is available - I cannot verify whether > > > or not there are other vulnerable installations out there. > > > > > > Please feel free to get in touch with me directly in 4 weeks from now > > > and ask me to provide further information on this bug tracker - I'll > > > happily do it then. > > > > Why don't you contact [EMAIL PROTECTED] with this > > including further information if you don't want to disclose > > them publicly here in the bts? > > I don't think there are any other implementations of this script, the > bug is a precaution because the script is included in the package but > not actually installed into any http visible location by default. It > needs to be symlinked or copied into a server location. > > The one publicly visible implementation that I maintain has been fixed.
The point is it doesn't makes sense to request a CVE id for this without any details that allows us to track the issue. And I fail to see the reason to omit this information here as it doesn't seem to be that ubercritical. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpwIjHULsHTn.pgp
Description: PGP signature
