httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: util.c hole and speed of security patch release
Date Fri, 26 Apr 1996 02:18:29 GMT
> In reply to Jennifer Myers who said
> > 
> > 
> > Incidentally, I wrote to NASIRC yesterday (the originators of this
> > latest advisory) and they informed me that they noted the
> > presence of the same escape_shell_cmd() code in src/util.c as in
> > cgi-src/util.c, but did not examine the source code any further to
> > determine whether there was actually any vulnerability there.
> > (Seems that they really jumped the gun in posting the advisory.)
> 
> Exactly what I thought. Maybe we should ask them to post an addendum to
> allay all the unecessary fear they caused.
> 
> Undermines any credibility they have as a security alerting service.

I think there is good reason to contact them regarding this "alert".




Mime
View raw message