Bug 223648
| Summary: | squirrelmail ships with .orig files | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Daniel Hokka Zakrisson <daniel> | ||||
| Component: | squirrelmail | Assignee: | Warren Togami <wtogami> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 6 | CC: | wtogami | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | squirrelmail-1.4.8-5 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2007-01-29 17:23:51 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Daniel Hokka Zakrisson
2007-01-21 07:26:15 UTC
Created attachment 146078 [details]
Patch to get rid of the files
> This doesn't cause any problems, it just looks bad.
Just as I hit commit, I realized that these files can be used to exploit the
vulnerabilities the patches are meant to address.
Are you sure they can be? I haven't tried exploiting it, but the files are accessible and do create the expected output. Try accessing e.g. /webmail/src/right_main.php.orig. |