Summary: | dev-php/phpsysinfo | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Daniel Ahlberg (RETIRED) <aliz> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | critical | CC: | dougw, php-bugs, web-apps | ||||
Priority: | Highest | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Daniel Ahlberg (RETIRED)
2003-08-17 01:02:29 UTC
Created attachment 19141 [details, diff] Patch to disallow '..' in template and language filenames This patch is an excerpt from the patch collection provided by Frederik Schueler here: http://users.idf.de/~fs/debian/phpsysinfo_2.1-1.diff.gz . The "debian/" additions and kernel 2.{5,6} memory display fix were removed from the referenced patch as the do not address this particular bug. CVS updated to -r1 with patch from offical debian source. closing |