[Koha-bugs] [Bug 6628] [security] help system use insecure REFERRER for file inclusion
bugzilla-daemon at bugs.koha-community.org
Mon Nov 28 10:09:39 CET 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6628
Paul Poulain <paul.poulain at biblibre.com> changed:
What        |Removed             |Added
----------------------------------------------------------------------------
Status      |NEW                 |ASSIGNED
CC          |                    |paul.poulain at biblibre.com
Version     |unspecified         |rel_3_6
Patch Status|Signed Off          |Patch Pushed
AssignedTo  |gmcharlt at gmail.com|chris at bigballofwax.co.nz
Severity    |critical            |normal
--- Comment #6 from Paul Poulain <paul.poulain at biblibre.com> 2011-11-28 09:09:39 UTC ---
This vulnerability would allow anyone to read any .tt file on the server. As
/etc/password does not end in .tt, this problem is much less critical than the
6629 one!
That's why, Katrin, you didn't see any difference before and after applying the
patch.
The fix is useful though, as it's a vulnerability, so it's pushed.
Patch pushed, please test