Package: cgi-scripts
Version: 1.0.9
Severity: grave
Several example scripts in the 'cgi-scripts' package pass information
supplied by the remote user via unquoted strings. The failure to quote
these strings introduces a severe potential vulnerability. Although some
web servers may provide some f
Package: cgi-scripts
Version: 1.0.9
Severity: Normal
My opinion, for what it may be worth, is that the example programs in
'cgi-scripts' are in several cases so far out of date that they represent
what are considered bad practice in modern CGI technique.
For example, the 'mailto.pl' script dating
Another related issue worth noting is that the 'mailto.pl' script invokes
'sendmail' with the address provided unquoted on the command line. I am
sure there are more of these; it is just a matter of wading through them.
-- Mike
On Sun, Oct 17, 1999 at 10:20:36AM +0200, Christian Kurz wrote:
> This is a problem of update-alternatives and your personal
> configuration. It seems like you put /usr/share/man on another
No, only update-alternatives.
> partition than /usr/man and so it fails to create the symlink. Would you
[ Followup in debian-devel, please respect it ]
Hi people,
I've adopted gnome-core some weeks ago, I've cleaned and checked
most of the bugs with the help of Christian Marillat.
But it's a big package (in fact many little packages) and you always
get new bug reports. I'd like that my successor
On 99-10-18 Torsten Landschoff wrote:
> On Sun, Oct 17, 1999 at 10:20:36AM +0200, Christian Kurz wrote:
> > This is a problem of update-alternatives and your personal
> > configuration. It seems like you put /usr/share/man on another
> No, only update-alternatives.
Well, it didn't exactly chec
6 matches