[Secure-testing-team] Multiple Vulnerabilities (xss, insecure file handling and code execution)
Luca Bruno
lucab at debian.org
Fri Oct 24 19:32:34 UTC 2008
Package: websvn
Version: 1.61-20
Severity: critical
Tags: security
A full disclosure bulletin has been posted today, reporting various
security vulnerabilities in websvn.
The remote code execution should only affect etch version, while at a
first glance the others are also still open in lenny/sid.
Check the complete bulletin at:
http://www.gulftech.org/?node=research&article_id=00132-10202008
http://www.milw0rm.com/exploits/6822
Ciao, Luca
--
.''`. ** Debian GNU/Linux ** | Luca Bruno (kaeso)
: :' : The Universal O.S. | lucab (AT) debian.org
`. `'` | GPG Key ID: 3BFB9FB3
`- http://www.debian.org | Debian GNU/Linux Developer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081024/a4af5e05/attachment.pgp
More information about the Secure-testing-team
mailing list