On 09.05.25 11:52, Shang-Hung, Wan wrote: Hello Shang-Hung,
as you've noticed I've took my web page offline: running a web server carrying a vulnerable cgi script is probably not the best idea. ;-)
Yes, I've seen that. However I'm wondering, why they did not publish the "fixed" source code.There is a comment [1] that stated that he contacted the author John, and he said version 1.75 in the source code is just a mistake, it’s indeed version 1.77.
About the article you mentioned from cve[.]news, I checked it and found it’s totally nonsense, since: 1. The vulnerable code it mentioned even doesn’t exist in MimeTex
Yes, correct. However I thought it could be some kind of sample code, which do not literally have to appear in the source code...although not even the function names appears. I'm not good at coding.
3. It can’t even distinguish the vulnerability type
Yes, I was wondering about this too: why they mixed the two CVE's.
Since I don’t want to expose too much information to public about the exploitI've seen three links to youtube published in the CVE reports. Youtube forced me to login however the videos are still not accessible. Maybe this explains my dumb questions.
Hilmar -- Testmail
OpenPGP_signature.asc
Description: OpenPGP digital signature
