[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security issue with LedgerSMB (inherited from SL)

Seems like a good candidate for Bugtraq :-)  But figured I would suggest waiting until later this week when we have a tentative timeline for the next release so we can coordinate a fix.  We can even send Dieter a patch as a goodwill gesture.

Best Wishes,
Chris Travers

On 9/11/06, Richard Patterson < ..hidden..> wrote:
Chris Travers wrote:
> Ok.  We need to fix the directory transversal bug.  This is a really
> bad thing.
> However, I think that the response to the rest of it should be simply
> to document that the addition of new paths under bin is deprecated and
> will be removed in the future so people don't make use this.
> Best Wishes,
> Chris Travers
BTW, due to the hostile nature of most of the users in the SL list, i
have only posted this here...


Richard Patterson          HelpQuick Limited
Tel: 0191 2582888          Fax: 0191 6408666
Jabber chat:  ..hidden..
Web:     http://www.helpquick.co.uk

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
Ledger-smb-devel mailing list