[Git][security-tracker-team/security-tracker][master] Update information for ancient CVE-2006-3360/pypsysinfo

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 12 19:39:09 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db60257a by Salvatore Bonaccorso at 2023-01-12T20:38:30+01:00
Update information for ancient CVE-2006-3360/pypsysinfo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -601078,9 +601078,10 @@ CVE-2006-3362 (Unrestricted file upload vulnerability in connectors/php/connecto
 CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier ...)
 	NOT-FOR-US: Stud.IP
 CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 all ...)
-	- phpsysinfo <unfixed> (unimportant)
+	- phpsysinfo 3.2.5-3 (unimportant)
 	- egroupware <unfixed> (unimportant)
 	- phpgroupware <unfixed> (unimportant)
+	NOTE: https://github.com/phpsysinfo/phpsysinfo/commit/60b5bbb5d1cc17f44050e99a3e746f55a4fd4e18 (v3.2.5)
 	NOTE: Only the existence of files inside the WWW root is leaked. If this is
 	NOTE: a threat to your setup you most probably shouldn't install a script which
 	NOTE: exposes all your system data, either.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db60257af5ba6985bdc6b9fcbbfd8c9993b01542

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db60257af5ba6985bdc6b9fcbbfd8c9993b01542
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230112/885f3734/attachment.htm>


More information about the debian-security-tracker-commits mailing list