[Fedora-directory-devel] Please review: bug 174837: CVE-2005-3630 use of IFRAME exposes password from adm.conf for users

Richard Megginson rmeggins at redhat.com
Wed Dec 7 19:46:25 UTC 2005


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837
Bug(s) fixed: 174837
Bug Description: CVE-2005-3630 use of IFRAME exposes password from 
adm.conf for users
Reviewed by: ???
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121993
Branch: HEAD
Fix Description: Just use the existing Apache security mechanisms to 
deny access to everything by default, then allow access to certain 
directories.  In addition, there is a patch file I've checked in which 
can apply these diffs to an existing FDS 1.0 installation.  I've changed 
the packaging makefile to package the patch file into the setup 
directory where it will be used to patch an upgrade install of FDS 1.0.1 
on top of FDS 1.0.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121994



