[Secure-testing-team] torrentflux issues
Stefan Fritsch
sf at sfritsch.de
Sat Nov 18 12:17:18 CET 2006
Hi,
torrentflux recently had several vulnerabilities due to not properly
sanitizing user input [1,2]. I think this is a candidate for an audit
or/and exclusion from etch.
Does anyone have time for an audit?
Cheers,
Stefan
[1]
http://security-tracker.debian.net/tracker/source-package/torrentflux
[2] After a quick check, I found an issue with the 'announce'
parameter in maketorrent.php.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061118/aa643b26/attachment.pgp
More information about the Secure-testing-team
mailing list