Bug 427663 (CVE-2007-6612)
| Summary: | CVE-2007-6612 mongrel: "DirHandler" Directory Traversal Vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Lubomir Kundrak <lkundrak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | sseago |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6612 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-01-15 14:46:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Lubomir Kundrak
2008-01-06 12:47:10 UTC
As this bug was introduced in 1.0.4 (1.0.3 and earlier are not susceptible), the current fedora package (which is at 1.0.1) is not vulnerable. I will upgrade the packages to 1.0.5 or 1.1.3 when I get the chance, though, Thanks Scott for clarification. As versions shipped in Fedora are not affected by this issue, we will not be tracking this as security issue and I'm closing this bug. If you decide to update to newer version in Fedora, please submit such update as enhancement, unless some other (future) security issue will be addressed there. |