Package: sql-ledger
Severity: grave
Tags: security
Justification: user security hole

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4244

Recently fully disclosed at http://www.securityfocus.com/archive/1/445512/30/0/threaded

Looking at the source of menu.pl it appears to work exactly as Chris Travers describes it. Apparently all versions from 2.4.4 onwards are affected, which includes the version in sarge.