cvs commit: ports/www/MT distinfo
Tilman Linneweh
arved at FreeBSD.org
Thu Dec 4 01:53:44 PST 2003
* Yen-Ming Lee [Thu, 04 Dec 2003 at 08:30 GMT]:
> leeym 2003/12/03 23:29:24 PST
>
> FreeBSD ports repository
>
> Modified files:
> www/MT distinfo
> Log:
> It seems that MASTER_SITES release rerolled distfile.
> So, update md5 checksum correspondingly.
>
> Sorry, due to license, users can only fetch the distfile from MASTER_SITES
> by themselves. Therefore I have no idea about what's different between
> the latest distfile and the previous one.
>
I don't have the distfile either, but I guess what changed:
http://www.movabletype.org/
-----------------------------------------------------------
Movable Type Spam Vulnerability
11.26.2003
The "Email this to a friend" functionality in the mt-send-entry.cgi
script is vulnerable to being used by spammers to send spam messages.
In principle, all "email this to a friend" programs are vulnerable to
being used by spammers, because they allow the user to specify a To:
address and a message body. But in practice, MT's implementation of
this is not as robust as it should be, and a new version is
available below.
This fix is already included in all versions of MT 2.64 downloaded
from today on.
[..]
The new version:
* fixes a vulnerability that allows spammers to inject extra headers into messages;
* removes the ability to send the message to multiple recipients;
* restricts the message to 250 characters.
All of these fixes serve to discourage the script being used by spammers.
-------------------------------------------------------------
Someone please tell them how to use version numbers :-(
regards
arved
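
The three fixes listed in the advisory quoted above (no injected headers, a single recipient, a 250-character message) can be expressed as input validation in front of the mailer. This is an added example in Python, not Movable Type's code and not part of the original mail; the function names, the address pattern and the choice to reject rather than truncate an over-long message are assumptions, and the addresses are constructed.

```python
import re
from email.message import EmailMessage

MAX_BODY_CHARS = 250  # limit stated in the advisory
# Conservative pattern for one addr-spec (assumption, not MT's own check).
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
CTRL_RE = re.compile(r"[\x00-\x1f\x7f]")  # control characters, incl. CR and LF


def check_header_value(name, value):
    """Reject control characters so a field cannot start a new header line."""
    if CTRL_RE.search(value):
        raise ValueError(f"{name}: control character in header value")
    return value.strip()


def check_single_address(name, value):
    """Accept exactly one address; a list such as "a@x, b@y" fails fullmatch."""
    value = check_header_value(name, value)
    if not ADDR_RE.fullmatch(value):
        raise ValueError(f"{name}: not a single e-mail address")
    return value


def build_send_entry_mail(to, sender, subject, body):
    """Validate the form fields and return an EmailMessage ready to send."""
    if len(body) > MAX_BODY_CHARS:
        raise ValueError("message: longer than 250 characters")
    msg = EmailMessage()
    msg["To"] = check_single_address("to", to)
    msg["From"] = check_single_address("from", sender)
    msg["Subject"] = check_header_value("subject", subject)
    msg.set_content(body)
    return msg


def is_rejected(**fields):
    """True if validation refuses the given form fields."""
    try:
        build_send_entry_mail(**fields)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed form submission, for illustration only.
    print(build_send_entry_mail("friend@example.org", "reader@example.com",
                                "A post you might like", "Worth a read."))
```
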