Date: Sat, 26 Jun 2010 10:42:25 +0200 From: Morten Shearman Kirkegaard <morten@...elingp.dk> To: Florian Streibelt <gentoo@...treibelt.de> Cc: oss-security <oss-security@...ts.openwall.com>, Jan Lieskovsky <jlieskov@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org>, Michael Fleming <mfleming+rpm@...tfleminggent.com>, Mads Martin Joergensen <mmj@....dk>, Christoph Thiel <ct@....org>, Ben Schmidt <mail_ben_schmidt@...oo.com.au> Subject: Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface CC'ing Christoph Thiel (mlmmj-php-admin author) and Ben Schmidt (current mlmmj maintainer). On Wed, 2010-06-23 at 19:41 +0200, Florian Streibelt wrote: > when I reported the bug I had no time to further investigate and I think I > did not report upstream because of lack of time at that point and later > forgot - which is sad. Yeah, well, things like that happen. Would you agree that the attached patch fixes the vulnerability? Using a list of known-good-characters would be nice, but dot happens to be a valid character in a list name. > The php webinterface is a third-party development for mlmmj but part of the > official release. I know that this is just semantics, but... While it is true that the mlmmj-php-admin web interface is distributed along with mlmmj, it is not a part of mlmmj itself, but is located in the contribs directory. Best regards, Morten -- Morten Shearman Kirkegaard <morten@...elingp.dk> View attachment "patch-mlmmj-php-admin-dirtravfix.diff" of type "text/x-patch" (1139 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ