From: Tilman Linneweh
To: Yen-Ming Lee
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Date: Thu, 4 Dec 2003 10:53:39 +0100
Subject: Re: cvs commit: ports/www/MT distinfo
Message-ID: <20031204095339.GA74875@huckfinn.arved.de>
In-Reply-To: <200312040729.hB47TOQ5056511@repoman.freebsd.org>

* Yen-Ming Lee [Do, 04 Dez 2003 at 08:30 GMT]:
> leeym 2003/12/03 23:29:24 PST
>
> FreeBSD ports repository
>
> Modified files:
> www/MT distinfo
> Log:
> It seems that MASTER_SITES release rerolled distfile.
> So, update md5 checksum correspondingly.
>
> Sorry, due to license, users can only fetch the distfile from MASTER_SITES
> by themselves. Therefore I have no idea about what's different between
> the latest distfile and the previous one.
>

I don't have the distfile either, but I guess what changed:

http://www.movabletype.org/
-----------------------------------------------------------
Movable Type Spam Vulnerability
11.26.2003

The "Email this to a friend" functionality in the mt-send-entry.cgi
script is vulnerable to being used by spammers to send spam messages.
In principle, all "email this to a friend" programs are vulnerable to
being used by spammers, because they allow the user to specify a To:
address and a message body. But in practice, MT's implementation of
this is not as robust as it should be, and a new version is
available below.

This fix is already included in all versions of MT 2.64 downloaded
from today on.

[..]

The new version:

* fixes a vulnerability that allows spammers to inject extra headers into
  messages;
* removes the ability to send the message to multiple recipients;
* restricts the message to 250 characters.

All of these fixes serve to discourage the script being used by spammers.
-------------------------------------------------------------

Someone please tell them how to use version numbers :-(

regards
arved
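
The three fixes listed in the quoted advisory (no injected headers, a single recipient, a 250-character message), as an added Python sketch that is not part of the original message and is not Movable Type's code. The function names, the subject wording and the narrow address pattern are assumptions, and over-long messages are rejected here because the advisory does not say whether the script rejects or truncates them.

```python
import re
from email.message import EmailMessage

MAX_BODY_CHARS = 250  # limit named in the advisory
# Control characters, including the CR/LF that would start a new header line.
CTL = re.compile(r"[\x00-\x1f\x7f]")
# Deliberately narrow pattern (assumption): one bare address, no display
# name, no comma or semicolon, so a recipient list can never match.
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class RejectedInput(ValueError):
    """A form field failed validation; the mail must not be sent."""


def single_address(field, value):
    # Check control characters first so the error names the real problem.
    if CTL.search(value):
        raise RejectedInput(f"{field}: control characters (possible header injection)")
    if not ADDR.fullmatch(value.strip()):
        raise RejectedInput(f"{field}: exactly one plain address required")
    return value.strip()


def build_friend_mail(sender, recipient, entry_title, message):
    """Build the notification from validated fields only (hypothetical handler)."""
    from_addr = single_address("from", sender)
    to_addr = single_address("to", recipient)
    if CTL.search(entry_title):
        raise RejectedInput("title: control characters (possible header injection)")
    if len(message) > MAX_BODY_CHARS:
        raise RejectedInput(f"message: longer than {MAX_BODY_CHARS} characters")
    mail = EmailMessage()
    mail["From"] = from_addr
    mail["To"] = to_addr
    mail["Subject"] = f"Recommended entry: {entry_title}"
    mail.set_content(message)
    return mail


def rejection_reason(sender, recipient, entry_title, message):
    """Return None when the input is accepted, else the rejection text."""
    try:
        build_friend_mail(sender, recipient, entry_title, message)
    except RejectedInput as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed form submissions: one normal, one with a smuggled header.
    print(rejection_reason("me@example.org", "friend@example.org", "Hello", "Have a look"))
    print(rejection_reason("me@example.org", "friend@example.org\r\nBcc: x@example.net", "Hello", "hi"))
```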