Hi,
Thank you for providing us this information.
We have issued SA13993 regarding this:
http://secunia.com/SA13993
Kind regards,
Thomas
On Wed, 2005-01-26 at 01:19, Justin wrote:
> The fix between 0.20 and 0.21 that doug listed as a security fix was
> caused due to a bug in the use of the java preferences api that would
> cause java to not save preferences properly in some instances causing
> ginp to reset to an unconfigured state after the appserver was
> restarted. Users should upgrade as the bug could allow an attacker to
> browse pictures they weren't supposed to have access to.
>
> On Tue, 25 Jan 2005 15:00, Justin wrote:
> >
> > The fix was to keep people out of the setup application once it had
> > been configured. The fix was to the setup wizard code in cvs that had
> > not yet been released at the time the fix was made.
> >
> > On Tue, 25 Jan 2005 6:01, Doug Culnane wrote:
> >> Dear Thomas,
> >>
> >> Thanks for your mail.
> >>
> >> I will invite Justin to answer your mail has he understands this
> >> better than me.
> >>
> >> All the best,
> >>
> >> Doug
> >>
> >>
> >> Thomas Kristensen wrote:
> >>
> >>> Hi,
> >>>
> >>> We have noticed that you have made a "security fix". Is this
> >>> exploitable and if so who can exploit how and what is the impact?
> >>>
> >>>
> >>
> >>
> >> --
> >> Doug Culnane
> >> do...@cu...
> >> www.culnane.net
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Ginp-developers mailing list
> > Gin...@li...
> > https://lists.sourceforge.net/lists/listinfo/ginp-developers
--
Kind regards,
Thomas Kristensen
CTO
Secunia
Toldbodgade 37B
1253 Copenhagen K
Denmark
Tlf.: +45 7020 5144
Fax: +45 7020 5145
|
