Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-0894: mediawiki full path disclosure https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228763 Axel.Thimm@xxxxxxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From Axel.Thimm@xxxxxxxxxx 2007-02-14 16:45 EST ------- Thanks for the heads-up (1.8.3 should be vulerable as well, it was probably forgotten in the list of vulnerable versions). Indeed for the package we aren't losing any more information than the attacker would already know (unless he doesn't even know he's attacking a Fedora server). For F7 upwards (and most possibly backporting to FC6/FC5) the code and data are being separated (code moves to %{_datadir}), so there won't be any direct requests possible at all. But this still needs some testing in F7/devel. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
