I've just downloaded the WebSVN 2.1 tarball and it is not vulnerable for
this issue. Therefore, reporting to upstream doesn't make any sense...
However, WebSVN 2.0 will appear in Lenny. I think the fix should be
backported to 2.0 or Lenny should contain WebSVN 2.1.
--
To UNSUBSCRIBE, email to
Florian Weimer wrote:
> * Bas van Schaik:
>
>> When WebSVN is configured to use an SVN authz file to check user
>> permissions, it only lists the repositories to which the user has
>> been granted authorization (like expected).
>>
> Thanks. Has this be
Package: websvn
Version: 2.0-4
Severity: grave
Tags: security
Justification: user security hole
When WebSVN is configured to use an SVN authz file to check user
permissions, it only lists the repositories to which the user has
been granted authorization (like expected).
However, a malicious (auth
Michael Ablassmeier wrote:
> hi Bas,
>
> On Tue, Oct 07, 2008 at 01:58:17PM +0200, Bas van Schaik wrote:
>
>> I didn't get any dbconfig-common question at all. Maybe it is important
>> to note that my MySQL server is actually running on another server?
>>
Michael Ablassmeier wrote:
> hi,
>
> On Wed, Oct 01, 2008 at 08:53:02PM +0200, Bas van Schaik wrote:
>
>> After upgrading my Zabbix 1.4.6 installation from Lenny to Zabbix 1.6
>> from Sid Zabbix does not work anymore, complaining about "unknown column
>>
Package: zabbix
Version: 1.6
Severity: grave
Justification: renders package unusable
After upgrading my Zabbix 1.4.6 installation from Lenny to Zabbix 1.6
from Sid Zabbix does not work anymore, complaining about "unknown column
'g.gui_access'" and "unknown column 'g.users_status'". Clearly, upgrad
Package: pdns
Version: 2.9.20-8
Severity: grave
Justification: causes non-serious data loss
When a (super)master nameserver sends NOTIFY-packets to it's slave
nameserver(s), those will queue an AXFR for the modified zone. However,
if this AXFR fails (for example, because of a master nameserver get
7 matches
Mail list logo
