Re: [Ginp-developers] Re: [SECUNIA] ginp security fix
Brought to you by:
burchbri,
dougculnane
Menu
▾
▴
Re: [Ginp-developers] Re: [SECUNIA] ginp security fix
|
From: Thomas K. <tk...@se...> - 2005-01-28 12:08:35
|
Hi, Thank you for providing us this information. We have issued SA13993 regarding this: http://secunia.com/SA13993 Kind regards, Thomas On Wed, 2005-01-26 at 01:19, Justin wrote: > The fix between 0.20 and 0.21 that doug listed as a security fix was > caused due to a bug in the use of the java preferences api that would > cause java to not save preferences properly in some instances causing > ginp to reset to an unconfigured state after the appserver was > restarted. Users should upgrade as the bug could allow an attacker to > browse pictures they weren't supposed to have access to. > > On Tue, 25 Jan 2005 15:00, Justin wrote: > > > > The fix was to keep people out of the setup application once it had > > been configured. The fix was to the setup wizard code in cvs that had > > not yet been released at the time the fix was made. > > > > On Tue, 25 Jan 2005 6:01, Doug Culnane wrote: > >> Dear Thomas, > >> > >> Thanks for your mail. > >> > >> I will invite Justin to answer your mail has he understands this > >> better than me. > >> > >> All the best, > >> > >> Doug > >> > >> > >> Thomas Kristensen wrote: > >> > >>> Hi, > >>> > >>> We have noticed that you have made a "security fix". Is this > >>> exploitable and if so who can exploit how and what is the impact? > >>> > >>> > >> > >> > >> -- > >> Doug Culnane > >> do...@cu... > >> www.culnane.net > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > > Tool for open source databases. Create drag-&-drop reports. Save time > > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > > Download a FREE copy at http://www.intelliview.com/go/osdn_nl > > _______________________________________________ > > Ginp-developers mailing list > > Gin...@li... > > https://lists.sourceforge.net/lists/listinfo/ginp-developers -- Kind regards, Thomas Kristensen CTO Secunia Toldbodgade 37B 1253 Copenhagen K Denmark Tlf.: +45 7020 5144 Fax: +45 7020 5145 |
