Re: Fixing stupid PHP application design flaws

2005-04-30 Thread Martin Schulze
Jeroen van Wolffelaar wrote: > > Having /usr/share/$package for the include files and > > /var/lib/$package for the executable PHP scripts that should be linked > > into the web server. > > Eh, that's not how squirrelmail works. All stock php files are in > /usr/share/$package, and that's also wha

Re: Fixing stupid PHP application design flaws

2005-04-30 Thread Jeroen van Wolffelaar
On Sat, Apr 30, 2005 at 07:55:31AM +0200, Martin Schulze wrote: > Hans Spaans wrote: > > Martin Schulze wrote: > > > Hey! > > > > > > What do people on this list think about fixing PHP include files in a > > > DSA that are accessible via HTTP as well and contain one bug or > > > another as they ar

Hey remember i told you about this Madeleine

2005-04-30 Thread Vance Rocha
To: Isaac I was checking my email and saw this advertisement in it. just like you I was thinking this stuff will not work its all a gimmick.. but even with my other half telling me im wasting my money I went ahead and purchased it. and I can tell you right now with a straight face im bigg

Re: Fixing stupid PHP application design flaws

2005-04-30 Thread Javier Fernández-Sanguino Peña
On Thu, Apr 28, 2005 at 03:45:48PM +0200, Jeroen van Wolffelaar wrote: > It'd be wise for those projects to take the extra precaution by allowing > (and the Debian maintainer to do so) include files outside the web root, > but to DSA for such a thing when there might not even be a vulnerability > a

Re: Fixing stupid PHP application design flaws

2005-04-30 Thread Thomas Hochstein
Martin Schulze schrieb: > No. Include files should be vhost-agnostic. If they aren't, a lot > has gone wrong during implementation. It should be sufficient to just > install the accessible PHP files a second time and maybe adjust the > database or other local storage, i.e. a different config fi

Re: [SECURITY] [DSA 717-1] New lsh packages fix several vulnerabilities

2005-04-30 Thread Jerome Lacoste
Hi, > CAN-2003-0826 > > Bennett Todd discovered a heap buffer overflow in lshd which could > lead to the execution of arbitrary code. This vulnerability was reported 18 months ago. Is it possible to know: - why it wasn't fixed in the meantime - how it was found out it hadn't been done? I