[pkg-tikiwiki-devel] Security problem in jhot.php
Marcus Better
marcus at better.se
Sun Sep 3 16:22:10 UTC 2006

The recently discovered security problem (PHP injection) in jhot.php is
not exploitable on Debian in the default install, thanks to strict
policies in the Apache configuration. This neatly illustrates how users
benefit from a well-maintained Debian package.

Many non-Debian tikiwiki servers were reportedly compromised.

Nevertheless, I've released 1.9.4+dfsg2-3 with a bugfix, just as a
precaution (and for people not using the default web server configuration).

Marcus