Guys,
> $conffile = param('-f') unless $ENV{GATEWAY_INTERFACE};
I'm not really comfortable with this as a fix, since it still relies on
a CGI debugging feature to process arguments.
I've brought in the security team, which apparently should have been
done a long time ago. I suspect they'll ei

Nick Leverton <[EMAIL PROTECTED]> writes:
> > Thanks for your opinion, it's appreciated. But, pulling in
> > Getopt::Long would require yet another module which I would want to
> > avoid, especially since it still isn't fully GNU Getopt compatible in
> > that it insists on a space between a shor
I decided not to use blosxom at all, and I haven't used Perl since
version 4, but it seems like it wouldn't be a ton of work to do both:
support Getopt::Long and look at $ENV. Then, nothing breaks for
anybody.

Gerfried Fuchs <[EMAIL PROTECTED]> writes:
> Hi!
>
> I've today discussed t

Package: blosxom
Version: 2.0-14
Severity: grave
Tags: security
Justification: user security hole

On line 69, param("-f") is used as a potential configuration file:

    for $rcfile ("/etc/blosxom/blosxom.conf", "/etc/blosxom.conf", param("-f")) {
        if (-r $rcfile) {
            open (RC, "< $rcfile") or die