Date: Thu, 4 Dec 2003 10:53:39 +0100
From: Tilman Linneweh <arved@FreeBSD.org>
To: Yen-Ming Lee <leeym@FreeBSD.org>
Cc: ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/www/MT distinfo
Message-ID: <20031204095339.GA74875@huckfinn.arved.de>
In-Reply-To: <200312040729.hB47TOQ5056511@repoman.freebsd.org>
References: <200312040729.hB47TOQ5056511@repoman.freebsd.org>

* Yen-Ming Lee [Thu, 04 Dec 2003 at 08:30 GMT]:
> leeym       2003/12/03 23:29:24 PST
>
>   FreeBSD ports repository
>
>   Modified files:
>     www/MT               distinfo
>   Log:
>   It seems that MASTER_SITES release rerolled distfile.
>   So, update md5 checksum correspondingly.
>
>   Sorry, due to license, users can only fetch the distfile from MASTER_SITES
>   by themselves. Therefore I have no idea about what's different between
>   the latest distfile and the previous one.
>

I don't have the distfile either, but I guess what changed:

http://www.movabletype.org/
-----------------------------------------------------------
Movable Type Spam Vulnerability
11.26.2003

The "Email this to a friend" functionality in the mt-send-entry.cgi
script is vulnerable to being used by spammers to send spam messages.
In principle, all "email this to a friend" programs are vulnerable to
being used by spammers, because they allow the user to specify a To:
address and a message body. But in practice, MT's implementation of
this is not as robust as it should be, and a new version is
available below.

This fix is already included in all versions of MT 2.64 downloaded
from today on.

[..]

The new version:

    * fixes a vulnerability that allows spammers to inject extra headers into
      messages;
    * removes the ability to send the message to multiple recipients;
    * restricts the message to 250 characters.

All of these fixes serve to discourage the script being used by spammers.
-------------------------------------------------------------

Someone please tell them how to use version numbers :-(

regards
arved
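
Added example, not part of the original message and not Movable Type's code: a Python version of the three restrictions the quoted advisory lists (no line breaks in header fields, exactly one recipient, a body of at most 250 characters). The function names, the exception class and the address pattern are assumptions chosen for illustration.

```python
import re
from email.message import EmailMessage

MAX_BODY = 250  # limit stated in the advisory

# Deliberately narrow pattern (assumption): one bare mailbox, no spaces,
# commas, semicolons or display names, so a recipient list cannot pass.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class RejectedInput(ValueError):
    """Raised when a form field must not be turned into mail."""


def check_single_line(name, value):
    # A CR or LF inside a header value would start a new header line,
    # which is how extra headers get injected.
    if "\r" in value or "\n" in value:
        raise RejectedInput(f"{name}: line break in header field")
    return value.strip()


def check_address(name, value):
    value = check_single_line(name, value)
    if not ADDR_RE.fullmatch(value):
        raise RejectedInput(f"{name}: not a single address")
    return value


def build_message(sender, recipient, subject, body):
    if len(body) > MAX_BODY:
        raise RejectedInput("body: longer than 250 characters")
    msg = EmailMessage()
    msg["From"] = check_address("from", sender)
    msg["To"] = check_address("to", recipient)
    msg["Subject"] = check_single_line("subject", subject)
    msg.set_content(body)
    return msg


def try_build(sender, recipient, subject, body):
    # Returns "accepted" or the reason the input was refused.
    try:
        build_message(sender, recipient, subject, body)
        return "accepted"
    except RejectedInput as exc:
        return str(exc)
```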