Date: Thu, 4 Dec 2003 10:53:39 +0100
From: Tilman Linneweh <arved@FreeBSD.org>
To: Yen-Ming Lee <leeym@FreeBSD.org>
Cc: ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/www/MT distinfo
Message-ID: <20031204095339.GA74875@huckfinn.arved.de>
In-Reply-To: <200312040729.hB47TOQ5056511@repoman.freebsd.org>
References: <200312040729.hB47TOQ5056511@repoman.freebsd.org>
* Yen-Ming Lee [Do, 04 Dez 2003 at 08:30 GMT]:
> leeym 2003/12/03 23:29:24 PST
>
> FreeBSD ports repository
>
> Modified files:
> www/MT distinfo
> Log:
> It seems that MASTER_SITES release rerolled distfile.
> So, update md5 checksum correspondingly.
>
> Sorry, due to license, users can only fetch the distfile from MASTER_SITES
> by themselves. Therefore I have no idea about what's different between
> the latest distfile and the previous one.
>

I don't have the distfile either, but I guess what changed:

http://www.movabletype.org/
-----------------------------------------------------------
Movable Type Spam Vulnerability
11.26.2003

The "Email this to a friend" functionality in the mt-send-entry.cgi
script is vulnerable to being used by spammers to send spam messages.
In principle, all "email this to a friend" programs are vulnerable to
being used by spammers, because they allow the user to specify a To:
address and a message body. But in practice, MT's implementation of
this is not as robust as it should be, and a new version is available
below. This fix is already included in all versions of MT 2.64
downloaded from today on.

[..]

The new version:

* fixes a vulnerability that allows spammers to inject extra headers
  into messages;
* removes the ability to send the message to multiple recipients;
* restricts the message to 250 characters.

All of these fixes serve to discourage the script being used by
spammers.
-------------------------------------------------------------

Someone please tell them how to use version numbers :-(

regards
arved
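The three fixes listed in the quoted advisory, sketched as input checks for a generic "email this to a friend" handler. This is an added example, not part of the original message and not Movable Type's code (mt-send-entry.cgi itself is Perl); the function names, the address pattern, the site_from default and the choice to reject rather than truncate an over-long body are assumptions.

```python
import re
from email.message import EmailMessage

MAX_BODY = 250  # character limit stated in the quoted advisory

# Deliberately narrow pattern (assumption): exactly one mailbox, so commas,
# spaces and control characters can never reach the To: header.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


class RejectedSubmission(ValueError):
    """Raised when a form field must not be turned into a mail message."""


def check_header_value(name, value):
    # A CR or LF inside a header field is what lets a submitter append
    # extra headers (Bcc:, Cc:, ...); refuse it instead of stripping it.
    if any(c in value for c in "\r\n\0"):
        raise RejectedSubmission(f"{name}: line break or NUL in header field")
    return value.strip()


def build_message(to, sender, subject, body, site_from="noreply@example.org"):
    """Return an EmailMessage, or raise RejectedSubmission."""
    to = check_header_value("to", to)
    sender = check_header_value("from", sender)
    subject = check_header_value("subject", subject)
    for name, addr in (("to", to), ("from", sender)):
        if not ADDR_RE.fullmatch(addr):
            raise RejectedSubmission(f"{name}: not a single address")
    if len(body) > MAX_BODY:
        raise RejectedSubmission("body longer than 250 characters")
    msg = EmailMessage()
    msg["From"] = site_from      # fixed by the site, never by the form
    msg["Reply-To"] = sender
    msg["To"] = to               # one validated recipient only
    msg["Subject"] = subject
    msg.set_content(body)
    return msg
```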
