Date: Wed, 23 Dec 2009 17:02:08 -0500 (EST) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: Serendipity < 1.5 upload of files with *.php.* possible On Mon, 21 Dec 2009, Hanno Böck wrote: > From 1.5 release notes: > # Disallow uploading any files that contain ".php." in the filename for extra > security with Apache MimeMagic-Modules Use CVE-2009-4412, to be filled in later. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ