Re: [Ginp-developers] Re: [SECUNIA] ginp security fix
Brought to you by:
burchbri,
dougculnane
Menu
▾
▴
Re: [Ginp-developers] Re: [SECUNIA] ginp security fix
|
From: Justin <ju...@ww...> - 2005-01-26 00:19:41
|
The fix between 0.20 and 0.21 that doug listed as a security fix was caused due to a bug in the use of the java preferences api that would cause java to not save preferences properly in some instances causing ginp to reset to an unconfigured state after the appserver was restarted. Users should upgrade as the bug could allow an attacker to browse pictures they weren't supposed to have access to. On Tue, 25 Jan 2005 15:00, Justin wrote: > > The fix was to keep people out of the setup application once it had > been configured. The fix was to the setup wizard code in cvs that had > not yet been released at the time the fix was made. > > On Tue, 25 Jan 2005 6:01, Doug Culnane wrote: >> Dear Thomas, >> >> Thanks for your mail. >> >> I will invite Justin to answer your mail has he understands this >> better than me. >> >> All the best, >> >> Doug >> >> >> Thomas Kristensen wrote: >> >>> Hi, >>> >>> We have noticed that you have made a "security fix". Is this >>> exploitable and if so who can exploit how and what is the impact? >>> >>> >> >> >> -- >> Doug Culnane >> do...@cu... >> www.culnane.net > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > Tool for open source databases. Create drag-&-drop reports. Save time > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > Download a FREE copy at http://www.intelliview.com/go/osdn_nl > _______________________________________________ > Ginp-developers mailing list > Gin...@li... > https://lists.sourceforge.net/lists/listinfo/ginp-developers |
