[20459] in bugtraq
Re: Advisory for perl webserver
daemon@ATHENA.MIT.EDU (NESTING, DAVID M (SBCSI))
Thu Apr 26 05:06:41 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-ID: <B165A21236E7D411A8B90002A52C587185D4E0@msgstl08.sbc.com>
Date: Wed, 25 Apr 2001 12:18:35 -0500
Reply-To: "NESTING, DAVID M (SBCSI)" <dn3723@SBC.COM>
From: "NESTING, DAVID M (SBCSI)" <dn3723@SBC.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
> Tested to be vulnerable to the hex-encoded dot dot bug are:
> Perl Web Server v0.3
Do we really need to be seeing advisories on alpha versions of software that
is under active development? This is hardly a production-quality
application and even their own download statistics show that its
distribution has been very limited.
Furthermore, I don't see a bug report entry in their SourceForge project.
You did report this to them before you sent it to BugTraq, yes?
David
