-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 10 Aug 2005 02:29:26 +0100 Source: cgiwrap Binary: php-cgiwrap cgiwrap Architecture: source i386 Version: 3.9-3.1 Distribution: unstable Urgency: high Maintainer: Pierre Machard <pmachard@debian.org> Changed-By: Neil McGovern <neilm@debian.org> Description: cgiwrap - allows ordinary users to run their own CGI scripts php-cgiwrap - allows ordinary users to run their own CGI scripts and adds suppo Closes: 316881 316901 Changes: cgiwrap (3.9-3.1) unstable; urgency=high . * Non-maintainer upload - Fixes security bugs Minimum UID now includes all system users (closes: #316881) CGIs can be used to disclose system information (closes: #316901) + Do not generate verbose messages which might be used to disclose valid usernames. + Do not install the debugging CGI invocations as they might provide sensitive server information. (compiled using --without-cgiwrapd) Files: cfb2b064ae7f29ea3695c6b86292f385 576 web optional cgiwrap_3.9-3.1.dsc aa8168cff6134cdf7f1fba8ab31b30ea 43409 web optional cgiwrap_3.9-3.1.diff.gz 046b6cdc03d69d9ee6f5d10f72d57333 47902 web optional cgiwrap_3.9-3.1_i386.deb da6e90cfc918ef8b42de79345a995ad9 47422 web optional php-cgiwrap_3.9-3.1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC+fgP97LBwbNFvdMRAia7AJkBV0wTvXf7rBlXUs6cisJzhw8joACcDvNk UBtRHKp0FLd6IPMj2MOlmwk= =SW58 -----END PGP SIGNATURE----- Accepted: cgiwrap_3.9-3.1.diff.gz to pool/main/c/cgiwrap/cgiwrap_3.9-3.1.diff.gz cgiwrap_3.9-3.1.dsc to pool/main/c/cgiwrap/cgiwrap_3.9-3.1.dsc cgiwrap_3.9-3.1_i386.deb to pool/main/c/cgiwrap/cgiwrap_3.9-3.1_i386.deb php-cgiwrap_3.9-3.1_i386.deb to pool/main/c/cgiwrap/php-cgiwrap_3.9-3.1_i386.deb -- To UNSUBSCRIBE, email to debian-devel-changes-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org