severity 595248 serious
thanks
raising severity. this should be fixed before squeeze releases.
thanks.
mike
On Saturday 04 September 2010 at 16:56 +0200, Olivier Berger wrote:
> I've asked the security team to upload an updated 0.7.3 package for
> squeeze/testing-security, and I'll prepare a version for 0.9.5 for
> unstable.
>
FYI, the 0.9.5-2 package including the same fix is ready in:
- URL
found 595248 0.7.3-3
tags 595248 + pending
thanks
On Friday 03 September 2010 at 16:53 +0200, Olivier Berger wrote:
> I'm not so sure the whole of the patch proposed by the Mantis team is
> completely justified, and here's another alternative (shorter but
> sufficient I think). Still waiting
tags 595248 + patch
thanks
Hi.
On Friday 03 September 2010 at 15:37 +0200, Olivier Berger wrote:
> After a quick analysis, I tend to believe that users of the standard PHP
> 5.3 apache module packages with "suhosin.server.strip On" are safe: the
> %3C and the like are converted to question mar
Hi.
Thanks for reporting this.
After a quick analysis, I tend to believe that users of the standard PHP
5.3 apache module packages with "suhosin.server.strip On" are safe: the
%3C and the like are converted to question marks ('?').
Still, this deserves some fixing.
Any comments or help welcome.
Package: nusoap
Version: 0.9.5-1
Owner: olivier.ber...@it-sudparis.eu
Tags: security
Bogdan Calin of Acunetix discovered some cross site scripting
vulnerabilities in NuSOAP 0.9.5 relating to lack of escaping of
PHP_SELF. This is an issue because of potentially malicious URLs being
constructed alon