Bug 187230: [SECURITY] Physical path to files revealed in error messages
Status: RESOLVED FIXED (Opened 22 years ago, Closed 21 years ago)
Categories: Webtools Graveyard :: Bonsai, defect
Tracking: Not tracked
People: Reporter: justdave, Assigned: tara
Attachments (1 file): patch, 1.27 KB, timeless: review+
See the URL for bugtraq posting.

"Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com."

Not setting security flag because this is already publicly disclosed.
Updated • 21 years ago (Assignee)
Status: NEW → ASSIGNED

Comment 1 • 21 years ago (Assignee)
In the case of the error message in cvsview2.cgi, I've removed the CVSROOT information, which creates the potential hazard, but left the relative path to the path/dir itself alone. In multidiff.cgi, I've stripped full patch information returned by rcs diff and left just the file name.
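The two approaches Comment 1 describes, as an added Perl example that is not Bonsai's code or the attached patch. The repository root, the sample messages and the function names `scrub_error` and `scrub_rcsdiff` are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical repository root; a real tool would read this from its config.
my $CVSROOT = '/srv/cvs/example-root';

# Error-message case: remove the repository root wherever it appears and
# keep the repository-relative path, so the message stays useful.
sub scrub_error {
    my ($msg, $root) = @_;
    $root =~ s{/+$}{};    # normalise a trailing slash on the root
    # The lookahead stops "/srv/cvs/example-root2" from being half-stripped.
    $msg =~ s{\Q$root\E(?![^\s/:,])/*}{}g;
    return $msg;
}

# rcsdiff case: reduce any absolute path that has at least one directory
# component to its file name only. Relative paths are left untouched
# because the leading "/" must not follow a name character.
sub scrub_rcsdiff {
    my ($line) = @_;
    $line =~ s{(?<![\w.\-])/(?:[^\s/:,]+/)+([^\s/:,]+)}{$1}g;
    return $line;
}

# Constructed sample input, not captured from a real server.
my $error = "Unable to open $CVSROOT/webtools/bonsai/missing.cgi,v: "
          . "No such file or directory";
my @rcsdiff = (
    "RCS file: $CVSROOT/webtools/bonsai/multidiff.cgi,v",
    "retrieving revision 1.10",
    "retrieving revision 1.11",
    "diff -u -r1.10 -r1.11",
);

my $clean_error = scrub_error($error, $CVSROOT);
print "$clean_error\n";

for my $line (@rcsdiff) {
    my $clean = scrub_rcsdiff($line);
    print "$clean\n";
}
```

Scrubbing belongs at the point where text is emitted to the browser; the unmodified message can still go to a server-side log that only administrators can read.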
Comment on attachment 117011
removing fully qualified path information from public display

the indentation of multidiff is bad - tabs

Attachment #117011 - Flags: review+

Comment 3 • 21 years ago (Assignee)
Checked in the patch.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED

Updated • 8 years ago
Product: Webtools → Webtools Graveyard