-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 13 Jan 2002 21:43:54 -0500 Source: cgiemail Binary: cgiemail Architecture: source i386 Version: 1.6-9 Distribution: unstable Urgency: high Maintainer: Debian QA Group <packages@qa.debian.org> Changed-By: Thomas Smith <tgs@debian.org> Description: cgiemail - CGI Form-to-Mail converter Changes: cgiemail (1.6-9) unstable; urgency=high . * Fixed one of two major security holes. I am going to orphan the package now, because I am not up to fixing the other one. Fixed one is line 185 of cgilibcso.c, and I am not sure if I got it quite right (it should be safe though). Unfixed one is that attackers can read your cgi scripts, which may contain sensitive data. * This is all Bug#129104, but it does not close it as there is the other hole. Files: 640435d741ec2c7d0fccbf2c3c2a26eb 563 web optional cgiemail_1.6-9.dsc 5a39f3b5615296ac833952cab01ab747 10251 web optional cgiemail_1.6-9.diff.gz d39cc6d474e3172bc4c02b71bb83ff49 28544 web optional cgiemail_1.6-9_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) iEYEARECAAYFAjxCSIwACgkQ/xuE/qyrqB57UQCgztr5UMTJZN8FIAm6j1Mugxsw /QkAoLhetQZubVKKlSSXKovjI8tABXRR =M7Q/ -----END PGP SIGNATURE----- Installed: cgiemail_1.6-9.diff.gz to pool/main/c/cgiemail/cgiemail_1.6-9.diff.gz cgiemail_1.6-9.dsc to pool/main/c/cgiemail/cgiemail_1.6-9.dsc cgiemail_1.6-9_i386.deb to pool/main/c/cgiemail/cgiemail_1.6-9_i386.deb