-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 17 Mar 2003 20:12:07 +0100 Source: bonsai Binary: bonsai Architecture: alpha Version: 1.3+cvs20020224-1woody1 Distribution: stable-security Urgency: high Maintainer: Debian/Alpha Build Daemon Changed-By: Rémi Perrot Description: bonsai - The famous Mozilla CVS query tool by web interface Changes: bonsai (1.3+cvs20020224-1woody1) stable-security; urgency=high . * Fix security bug that allow remote execution of command as www-data user (see #142317 upstream bug). * Fix security bug that cause absolute path disclosure (see #187230 upstream bug). * Fix security bug that makes Bonsai vulnerable to cross-site scripting attacks (see #146244 and #163573 upstream bug). * Access to parameters page isn't any more allowed without password (see #45579 upstream bug) Files: fcb8ac72eece822427c7510ced4e21c4 154504 web extra bonsai_1.3+cvs20020224-1woody1_alpha.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+dyKBW5ql+IAeqTIRApeUAKCnJEPt7ReG/frdGLdjuV4fcRsFtQCaAo3K s8KrBv1lPxyrtPeFI+eoE8c= =44Qc -----END PGP SIGNATURE-----