Re: Advisory for perl webserver

From: NESTING, DAVID M (SBCSI) (dn3723at_private)
Date: Wed Apr 25 2001 - 10:18:35 PDT

Next message: Nicolas Gregoire: "Re: Double clicking on innocent looking files may be dangerous"

Previous message: Linux Mandrake Security Team: "MDKSA-2001:042 - nedit update"
Maybe in reply to: neme-dhcat_private: "Advisory for perl webserver"
Next in thread: neme-dhcat_private: "Re: Advisory for perl webserver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Tested to be vulnerable to the hex-encoded dot dot bug are:
> Perl Web Server v0.3

Do we really need to be seeing advisories on alpha versions of software that
is under active development?  This is hardly a production-quality
application and even their own download statistics show that its
distribution has been very limited.

Furthermore, I don't see a bug report entry in their SourceForge project.
You did report this to them before you sent it to BugTraq, yes?

David

Next message: Nicolas Gregoire: "Re: Double clicking on innocent looking files may be dangerous"
Previous message: Linux Mandrake Security Team: "MDKSA-2001:042 - nedit update"
Maybe in reply to: neme-dhcat_private: "Advisory for perl webserver"
Next in thread: neme-dhcat_private: "Re: Advisory for perl webserver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 02:05:31 PDT