Hi! Thanks for reporting!

On 12/11/12 20:26, Jann Horn wrote:
> Package: gatling
> Version: 0.12cvs20120114-2
> Severity: grave
> Tags: upstream security
> Justification: user security hole
>
> gatling 0.12 has two directory traversal vulns (one in the handling of Host
> headers, one in the ftp code) that have been fixed in Gatling 0.13.

Which ones do you mean? (e.g. CVS commits/fixes?)
How does it justify grave/security?
Does it only apply to your just reported use case with CGI+suid root?

We should identify the CVS commits for backporting.

Thanks in advance,
Roland