Remi Perrot fixed several security related bugs in bonsai, the Mozilla CVS
query tool by web interface. Vulnerabilities include arbitrary code
execution, cross-site scripting and access to configuration parameters.
The Common Vulnerabilities and Exposures project identifies the following
problems:
CAN-2003-0152 - Remote execution of arbitrary commands as www-data
CAN-2003-0153 - Absolute path disclosure
CAN-2003-0154 - Cross site scriptiong attacks
CAN-2003-0155 - Unauthenticated access to parameters page
