Date: Fri, 14 Mar 2003 17:04:56 +0000 (GMT) From: Jason Clifford <jason@ukpost.com> To: ports@freebsd.org Subject: Security update to p5-Business-OnlinePayment-WorldPay-Junior-1.03 Message-ID: <Pine.LNX.4.44.0303141700090.7831-100000@yeoshua.ukpost.com>
next in thread | raw e-mail | index | archive | help
I am the author of the perl module previously named Business-OnlinePayment-WorldPay-Junior-1.03. Please be advised that I have today made an important security update to the module to fix a serious, remotely exploitable, bug in the module. I have also renamed the module today to avoid namespace conflicts with the Business::OnlinePayment API. The current release of the module is Business::WorldPay::Junior 1.06 which you can obtain from CPAN (it may take a little while for CPAN's indexing to catch up). The security bug relates to a failure to verify that transactions match the test mode value for the recorded transaction and the callback from WorldPay. This failure makes it possible for a malicious user to alter a HTML page prior to visiting the WorldPay web site to pay the charge. There have been a couple of other bug fix releases since 1.03 was current. Jason Clifford -- UKFSN.ORG Finance Free Software while you surf the 'net http://www.ukfsn.org/ Get the T-Shirt Now To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.44.0303141700090.7831-100000>