On Wed, Nov 28, 2012 at 05:22:30PM +0100, Roland Stigge wrote:
> On 11/28/2012 05:10 PM, Moritz Muehlenhoff wrote:
> >>> gatling 0.12 has two directory traversal vulns (one in the handling of
> >>> Host headers, one
> >>> in the ftp code) that have been fixed in Gatling 0.13.
> >>
> >> Which ones do you mean? (e.g. CVS commits/fixes?) How does it justify
> >> grave/security?
> >>
> >> Does it only apply to your just reported use case with CGI+suid root? We
> >> should identify the CVS commits for backporting.
> >
> > Does this affect stable?
>
> There is no gatling in stable.
Indeed, that makes Squeeze rather unaffected :-)
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
