On Sat, May 22, 2010 at 01:18:34AM +0100, Pedro R wrote:
> Package: mydms
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
>
> some rather serious security vulnerabilities have been discovered in MyDMS <=
> 1.7.2.
>
> One of them is directory traversal and the other several cross site request
> forgeries.
>
> More information is here:
>
> https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt

I've extracted the file inclusion fixes and NMUed. The CSRF issues are not very important; I've created a separate patch for them.

Cheers,
Moritz