-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 17 Mar 2003 20:12:07 +0100
Source: bonsai
Binary: bonsai
Architecture: s390
Version: 1.3+cvs20020224-1woody1
Distribution: stable-security
Urgency: high
Maintainer: s390 Build Daemon - Gerhard Tonn <buildd@debian01.zseries.org>
Changed-By: RĂ©mi Perrot <rperrot@debian.org>
Description:
bonsai - The famous Mozilla CVS query tool by web interface
Changes:
bonsai (1.3+cvs20020224-1woody1) stable-security; urgency=high
.
* Fix security bug that allow remote execution of command as www-data user
(see #142317 upstream bug).
* Fix security bug that cause absolute path disclosure (see #187230 upstream
bug).
* Fix security bug that makes Bonsai vulnerable to cross-site scripting
attacks (see #146244 and #163573 upstream bug).
* Access to parameters page isn't any more allowed without password (see
#45579 upstream bug)
Files:
fb6c638075c196104c7f445a65f1ac9c 154540 web extra bonsai_1.3+cvs20020224-1woody1_s390.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+dyKRW5ql+IAeqTIRAtGCAKCSKGmA4w3ImwZLKXQ8/kGiQBkL7ACfeBUm
DgxKZdbIlI5wkmGwTpBFzwQ=
=3oxd
-----END PGP SIGNATURE-----