severity 416696 important thanks El jueves, 29 de marzo de 2007 22:17, Chung-chieh Shan escribió: > Package: viewvc > Version: 1.0.3-2 > Severity: critical > Tags: security patch > Justification: causes serious data loss > > Hello, > > viewvc provides a "forbidden" configuration option to forbid access to > parts of a repository, but only *directory* listing is forbidden. An > attacker who guesses a file name can still view the file directly, even > old revisions of the file.
Hello, Ken. What do you think 'causes serious data loss' means?
This bug, though security-related, is not destroying any data. It is
only
about not forbiding a specific part of an exported tree. It does not belongs
to Debian critical bugs.
I will test your patch in a couple of days.
Best regards,
Ender.
--
Network engineer
Debian Developer
pgpPwuvVHNYfb.pgp
Description: PGP signature
