[Secure-testing-team] Re: Bug#335938: mantis: Mantis 't_core_path'
File Inclusion Vulnerability
Thijs Kinkhorst
kink at squirrelmail.org
Thu Oct 27 13:04:11 UTC 2005
On Thu, October 27, 2005 14:56, Martin Schulze wrote:
>> I assume you've prepared packages of 0.19.3?
>> This would address the SQL injection issue and the other XSS in
>> view_all_set as well, which are both not yet in the BTS.
>>
>> The latest issues have been assigned CVE-2005-333[6789], BTW.
>>
>
> Do you have an idea which of them affect woody/sarge?
I do about sarge, all of them affect sarge, don't know about woody. I will
be preparing an upload for sarge soon, and investigate into woody. Can't
promise anything about woody though since the version is very different
from the current sarge/sid versions. But I will keep you all posted.
Thijs
More information about the Secure-testing-team
mailing list