[Bug 228763] CVE-2007-0894: mediawiki full path disclosure
bugzilla at redhat.com
bugzilla at redhat.com
Wed Feb 14 21:45:42 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-0894: mediawiki full path disclosure
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228763
Axel.Thimm at ATrpms.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From Axel.Thimm at ATrpms.net 2007-02-14 16:45 EST -------
Thanks for the heads-up (1.8.3 should be vulerable as well, it was probably
forgotten in the list of vulnerable versions).
Indeed for the package we aren't losing any more information than the attacker
would already know (unless he doesn't even know he's attacking a Fedora server).
For F7 upwards (and most possibly backporting to FC6/FC5) the code and data are
being separated (code moves to %{_datadir}), so there won't be any direct
requests possible at all. But this still needs some testing in F7/devel.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Fedora-security-list
mailing list