On Sat, Jan 28, 2006 at 09:23:31PM +0100, Martin Schulze wrote:
> Neil McGovern wrote:
> > On Sun, Jan 22, 2006 at 11:35:15AM +0100, Martin Schulze wrote:
> > > Lionel Elie Mamane wrote:
> > > > I've tried to backport the upstream patch for kronolith 2, but most
> > > > files touched don't actually
Neil McGovern wrote:
> On Sun, Jan 22, 2006 at 11:35:15AM +0100, Martin Schulze wrote:
> > Lionel Elie Mamane wrote:
> > > I've tried to backport the upstream patch for kronolith 2, but most
> > > files touched don't actually exist in kronolith 1, as well as a
> > > sizeable part of the code touche
* Martin Schulze:
> I've taken a look at the patch, and several lines contain changes not
> suitable for a security update, i.e. fix different potential bugs or
> change the code. I'm attaching the patch. More eyes checking would
> be appreciated.
This one seems only safe when magic_quotes_gpc
Neil McGovern wrote:
> A fairly odd bug. It only affects the app if REGISTER_GLOBALS is on,
> however, the app requires REGISTER_GLOBALS :|
Isn't this in and of itself a problem due to CVE-2005-3390. Is that
finally going to be fixed in Sarge?
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3366
On Sun, Jan 22, 2006 at 11:35:15AM +0100, Martin Schulze wrote:
> Lionel Elie Mamane wrote:
> > I've tried to backport the upstream patch for kronolith 2, but most
> > files touched don't actually exist in kronolith 1, as well as a
> > sizeable part of the code touched in the files that do exist. H
5 matches
Mail list logo
