[Secure-testing-team] Bug#693076: gatling: Gatling 0.12 has two direcory traversal vulns that were fixed in 0.13
Jann Horn
jannhorn at googlemail.com
Mon Nov 12 19:26:51 UTC 2012
Package: gatling
Version: 0.12cvs20120114-2
Severity: grave
Tags: upstream security
Justification: user security hole
gatling 0.12 has two directory traversal vulns (one in the handling of Host headers, one
in the ftp code) that have been fixed in Gatling 0.13.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gatling depends on:
ii libc6 2.13-35
ii libowfat0 0.28-5
ii libpolarssl0 1.1.4-1
ii libssl1.0.0 1.0.1c-4
ii zlib1g 1:1.2.7.dfsg-13
gatling recommends no packages.
gatling suggests no packages.
-- no debconf information
More information about the Secure-testing-team
mailing list