Sean Finney wrote:
> this is done now.
Thanks a lot. I have reviewed it and will use it for the advisory.
Regards,
Joey
--
Reading is a lost art nowadays. -- Michael Weber
and (hopefully,) a final update...
On Tue, Jul 19, 2005 at 10:52:43AM +0200, Martin Schulze wrote:
> > 2 is trickier. we could either repeat the process i'm about finished
> > with wrt mysql_foo for all the functions that pass variables to
> > mysql_foo, or we could do the sanity checking in the
Sean Finney wrote:
> On Tue, Jul 19, 2005 at 07:54:31AM +0200, Martin Schulze wrote:
> > Ok, I'll wait.
>
> so, a 6 hour plane flight later, i've learned 3 things:
>
> 1 - there are a number of other variables that also need to be included.
> 2 - there are a number of calls where variables are in
On Tue, Jul 19, 2005 at 07:54:31AM +0200, Martin Schulze wrote:
> Ok, I'll wait.
so, a 6 hour plane flight later, i've learned 3 things:
1 - there are a number of other variables that also need to be included.
2 - there are a number of calls where variables are indirectly passed
to mysql_foo
Sean Finney wrote:
> hi,
>
> On Mon, Jul 18, 2005 at 07:21:29PM +0200, Martin Schulze wrote:
> > > i'll try and set some time aside tonight or tomorrow to test, but
> > > it looks good from an initial glance.
> >
> > Any outcome? In other words, any reason not to issue the advisory
> > and updat
sean finney wrote:
> On Fri, Jul 15, 2005 at 04:15:22PM +0200, Martin Schulze wrote:
> > > However, as I don't like the "next week" part too much, I'll try to
> > > work on the update on my own and send you the diff for comments.
> > > Should reduce the time you need to spend on the issue as well.
hi,
On Mon, Jul 18, 2005 at 07:21:29PM +0200, Martin Schulze wrote:
> > i'll try and set some time aside tonight or tomorrow to test, but
> > it looks good from an initial glance.
>
> Any outcome? In other words, any reason not to issue the advisory
> and update now?
i haven't had a chance to l
On Thu, Jul 14, 2005 at 07:10:30PM +0200, Martin Schulze wrote:
> Sean Finney wrote:
> > i guess i didn't in the email updating this, but did so in sanitize.php
> > itself:
>
> Yes, I saw that later. I hope, my tone wasn't too harsh.
my skin is fairly thick :)
> Yes, but the woody version does
Martin Schulze wrote:
> However, as I don't like the "next week" part too much, I'll try to
> work on the update on my own and send you the diff for comments.
> Should reduce the time you need to spend on the issue as well.
Ok, here is an update.
Regards,
Joey
--
Computers are not inte
another update,
the security release for cacti has been delayed due to complications
backporting the security fix into the version in woody, which is a major
release (and rewrite) behind the versions in sarge and sid.
joey from the security team provided an initial attempt at backporting
the ba