Viewing all changes in revision 4.
- Committer: Bazaar Package Importer
- Date: 2005-08-11 16:29:57 UTC
- Revision ID: james.westby@ubuntu.com-20050811162957-iwixzj70nm0ht8u3
* SECURITY UPDATE: Fix arbitrary command injection.
* Add debian/patches/03_remove_eval.patch:
- Replace all eval() calls for dynamically constructed function names with
soft references. This fixes arbitrary command injection with specially
crafted referer URLs which contain Perl code.
- Patch taken from upstream CVS, and contained in 6.5 release.
* References:
CAN-2005-1527
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
* Add debian/patches/03_remove_eval.patch:
- Replace all eval() calls for dynamically constructed function names with
soft references. This fixes arbitrary command injection with specially
crafted referer URLs which contain Perl code.
- Patch taken from upstream CVS, and contained in 6.5 release.
* References:
CAN-2005-1527
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
- files added:
- debian/patches/03_remove_eval.patch
- files modified:
- debian/changelog
expand all
collapse all
added
removed
