This is the mail archive of the gnats-cvs@sources.redhat.com mailing list for the GNATS project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

gnats/contrib/gnatsweb ChangeLog gnatsweb.pl

To: gnats-cvs at sourceware dot cygnus dot com
Subject: gnats/contrib/gnatsweb ChangeLog gnatsweb.pl
From: yngves at sourceware dot cygnus dot com
Date: 26 Jun 2001 19:13:31 -0000

CVSROOT:	/cvs/gnats
Module name:	gnats
Changes by:	yngves@sources.redhat.com	2001-06-26 12:13:31

Modified files:
	contrib/gnatsweb: ChangeLog gnatsweb.pl 

Log message:
	(help_page): Fix a serious security hole where an attacker would be
	able to read any file on the system or run any command to which the
	web server process user had access to by submitting a rogue help_file
	parameter in the URL.  help_file is now hardcoded to 'gnatsweb.html'.

Patches:
http://sources.redhat.com/cgi-bin/cvsweb.cgi/gnats/contrib/gnatsweb/ChangeLog.diff?cvsroot=gnats&r1=2.23&r2=2.24
http://sources.redhat.com/cgi-bin/cvsweb.cgi/gnats/contrib/gnatsweb/gnatsweb.pl.diff?cvsroot=gnats&r1=2.33&r2=2.34

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]