1. 10 Oct, 2012 1 commit
    • Hugh Davenport's avatar
      Remove clamav from site admin options · 4736778a
      Hugh Davenport authored
      Bug #1057238
      CVE-2012-2244
      
      When a site administrator can manipulate the path for the
      clamav scanner, they could produce either a reverse shell,
      or allow any user to execute arbitrary remote commands by
      setting it to an uploaded reverse shell, or to /bin/bash
      respectively.
      
      Other executable paths, namely pathtozip, and pathtounzip
      are only set via config.php, and not through the site admin
      interface. This option, pathtoclam, should follow the same
      design.
      
      Change-Id: I7d4822c9f54eda80682d6631699c1ab40f1dc896
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      4736778a
  2. 05 Oct, 2012 1 commit
  3. 30 Sep, 2012 1 commit
  4. 27 Sep, 2012 3 commits
  5. 26 Sep, 2012 4 commits
  6. 24 Sep, 2012 6 commits
  7. 17 Sep, 2012 6 commits
  8. 16 Sep, 2012 3 commits
  9. 13 Sep, 2012 2 commits
  10. 11 Sep, 2012 5 commits
  11. 10 Sep, 2012 8 commits