Bug#571653: libapache2-mod-suphp: suphp not working anymore (squeeze)

2011-04-07 Thread Bruno De Fraine

Bug#503184: libapache2-mod-auth-shadow

2009-05-15 Thread Bruno De Fraine
ow -- Apache2 module for authentication using shadow thanks Re: Bruno De Fraine 2008-11-01 > > reopen 503184 > thanks > > As explained in my message, I am aware that the original maintainer > removed this package with bug #489862, but I disagree with that > decision: m

Bug#516948: mlmmj: .diff.gz (partially?) reverts 1.2.15 to 1.2.14

2009-03-10 Thread Bruno De Fraine
introduced by the 1.2.15-1 upload, signed by Stuart Teasdale. The NMU continues the wrong version. Regards, Bruno De Fraine

Bug#507465: mb2md often misses message boundaries in mbox files

2008-12-03 Thread Bruno De Fraine
Hello, This script intentionally looks for a blank line in between messages in the mbox file. There is no such requirement that I know of; There *is* certainly mention of a blank line in the first few references that turn up when looking for an mbox file specification: http://www.qmail.or

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-04 Thread Bruno De Fraine
Hello Matthias, On 3-nov-08, at 16:04, Matthias Wandel wrote: Ok, I have integrated this patch, plus a temp file patch that was submitted, and uploaded it as the head rev copy on the website. The head rev version number has been changed to 2.85. I have made sure it works under Windows, an

Bug#504194: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-03 Thread Bruno De Fraine
Hello Nico, On 01 Nov 2008, at 16:00, Nico Golde wrote: If I understand correctly it will just delete files with names derived from existing files. It cannot be used to delete arbitrary files. Why is this unlink needed anyway? Any existing file in the position of the temporary output file is

Bug#503184: closed by Christoph Berg <[EMAIL PROTECTED]> (Re: Bug#503184: O: libapache2-mod-auth-shadow -- Apache2 module for authentication using shadow)

2008-11-01 Thread Bruno De Fraine
As explained in my message, I am aware that the original maintainer removed this package with bug #489862, but I disagree with that decision: mod_auth_shadow provided functionality for which there is currently no good alternative in Debian. I think he should have orphaned his package instea

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-30 Thread Bruno De Fraine
Hello, After looking at the documentation of my shell, I propose the following patch for the command injection problem. (I assume this works for other Unix shells as well.) Demo with some maliciously crafted file names: $ ./jhead -cmd "ls &i" foo.jpg* Cmd:ls "foo.jpg\`date\`" foo.jpg`date`

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-29 Thread Bruno De Fraine
s can be avoided if you escape the file name as done by "addslashes" from PHP: by placing a backslash before double quotes, other backslashes, NUL, etc. So in pseudo-code: e += sprintf(ExecString+e, "\"%s\"", addslashes(FileName)); Nico, do you think this would be sufficient to rule out the vulnerability? Best regards, Bruno De Fraine

Bug#503184: O: libapache2-mod-auth-shadow -- Apache2 module for authentication using shadow

2008-10-23 Thread Bruno De Fraine
is already a working package, I am not submitting this as a "Request For Package". Best regards, Bruno De Fraine

Bug#438538: mpop: version 1.0.5-1etch1 uninstallable on Etch

2007-10-04 Thread Bruno De Fraine
bgsasl7, libidn11 (>= 0.5.18), libkrb53 (>= 1.4.2), libtasn1-3 (>= 0.3.4), zlib1g (>= 1:1.2.1) I'm CC-ing this to the debian-release list to see if anything can be done to unlock this situation. Thank you, Bruno De Fraine

Bug#377308: /usr/bin/id3tag: id3tag and similar commands difficult to find

2006-10-10 Thread Bruno De Fraine
Followup-For: Bug #377308 Package: libid3-3.8.3-dev Version: 3.8.3-4.1 The tools id3tag, id3info, id3cp and id3convert are very useful to non-developers as well and their package is currently difficult to locate. Please go ahead and include their names in the package description. (You could