Summary: | www-apps/twiki arbitrary command execution | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kevin Stadmeyer <Lev> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | tigger, web-apps |
Priority: | Highest | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0445.html | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Kevin Stadmeyer
2004-11-12 22:25:01 UTC
web-apps please review and advise.

Added web-apps CC. Please review and fix. Explanation and patches @ http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch

tigger^: urgent fix needed on this one too

version bumped. the only testing I've done for this was to test that it installed the files correctly, I don't have knowledge of the app to test it properly.

ppc please test and mark stable.

tigger^: thx for the bump... but the fix version is 20040902, not 20040901, and I don't see any patches applied to 20040901 in the ebuild, so I guess this is still vulnerable.

tigger or web-apps : we still need to bump to 20040902. There is an exploit out there, so this is prio 1.

Ebuild not ready yet, unplugging ppc

bumped again. in my defense I just did what it said in the first comment ;P

thx rob. ppc please test twiki-20040902 and mark stable.

Tested and marked stable on ppc.

GLSA 200411-33