Secunia wrongly claims 1.5 & 1.6 vulnerable to bug 213012 (Cookie Path Directory Traversal Vulnerability)

RESOLVED FIXED

Status

()

--
major
RESOLVED FIXED
15 years ago
14 years ago

People

(Reporter: caillon, Assigned: darin.moz)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:nse], URL)

Comment 1

15 years ago
isn't this identical to bug 213012? (the source, Martin O'Neal, is the same for
both advisories.)

if so, that advisory's information is incorrect. the bug was fixed in 1.4.1 and
1.5, so 1.5 and 1.6 are not vulnerable.

Comment 2

15 years ago
The source advisory for this bug
(http://www.corsaire.co.uk/advisories/c030712-001.txt) was released 20030712.
The bugs are identical.

"The advisory will be updated with further information when details about fixed
versions are acquired." We need to notify Secunia that their information is
wrong, and ask them to add 1.4.1+, 1.5+ to their list of browsers in which the
problem was fixed.
Can someone find contact details for them?  I looked on the advisory and wasn't
able to figure out where to mail to lay the smack down about 1.5 and 1.6 not
being vulnerable.  I'd like to get that notice fixed asap if that's really the case.
(Assignee)

Comment 4

15 years ago
there's some contact info here:

http://secunia.com/contact_secunia/?menu=info

Changelog:
2004-03-10: Added information about KDE/Konqueror fixes.
2004-03-11: Added information about Mozilla fixes.
Group: security
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
Since bug 213012 covers the vulnerability itself I've taken the liberty of
changing the summary since this bug seems to be about getting Secunia to update
their advisory.
Summary: Cookie Path Directory Traversal Vulnerability → Secunia wrongly claims 1.5 & 1.6 vulnerable to bug 213012 (Cookie Path Directory Traversal Vulnerability)
Whiteboard: [sg:nse]
You need to log in before you can comment on or make changes to this bug.