Date: Fri, 14 Mar 2003 17:04:56 +0000 (GMT)
From: Jason Clifford
To: ports@freebsd.org
Subject: Security update to p5-Business-OnlinePayment-WorldPay-Junior-1.03

I am the author of the perl module previously named Business-OnlinePayment-WorldPay-Junior-1.03.

Please be advised that I have today made an important security update to the module to fix a serious, remotely exploitable, bug in the module.

I have also renamed the module today to avoid namespace conflicts with the Business::OnlinePayment API.

The current release of the module is Business::WorldPay::Junior 1.06 which you can obtain from CPAN (it may take a little while for CPAN's indexing to catch up).

The security bug relates to a failure to verify that transactions match the test mode value for the recorded transaction and the callback from WorldPay. This failure makes it possible for a malicious user to alter a HTML page prior to visiting the WorldPay web site to pay the charge.

There have been a couple of other bug fix releases since 1.03 was current.

Jason Clifford
--
UKFSN.ORG  Finance Free Software while you surf the 'net
http://www.ukfsn.org/  Get the T-Shirt Now
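
The check the message describes, comparing the test mode value in the payment callback with the one recorded for the transaction, is sketched below as an added example; it is not code from Business::WorldPay::Junior or its author. The field names, order ids and test mode values are hypothetical and constructed, and the example goes slightly beyond the message by applying the same comparison to amount and currency.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed store of transactions recorded before the customer was sent to
# the payment page. Keys and field names are hypothetical, not the module's.
my %recorded = (
    'ORDER-1001' => { amount => '25.00', currency => 'GBP', test_mode => 0   },
    'ORDER-1002' => { amount => '10.00', currency => 'GBP', test_mode => 100 },
);

# Compare a payment callback against the recorded transaction. Returns
# (1, 'ok') when it may be marked paid, otherwise (0, reason).
sub verify_callback {
    my ($cb) = @_;
    my $id = $cb->{order_id};
    return (0, 'unknown order') unless defined $id && exists $recorded{$id};
    my $txn = $recorded{$id};

    # The check the advisory is about: a callback flagged as a test must
    # never settle an order that was recorded as live, and vice versa.
    my $mode = $cb->{test_mode};
    return (0, 'test mode missing or malformed')
        unless defined $mode && $mode =~ /\A[0-9]+\z/;
    return (0, 'test mode mismatch') unless $mode == $txn->{test_mode};

    # Fail closed on the other recorded values as well (string comparison).
    for my $field (qw(amount currency)) {
        return (0, "$field mismatch")
            unless defined $cb->{$field} && $cb->{$field} eq $txn->{$field};
    }
    return (1, 'ok');
}

# Constructed callbacks: matching live, mismatched mode, matching test, no mode.
my @callbacks = (
    { order_id => 'ORDER-1001', amount => '25.00', currency => 'GBP', test_mode => '0'   },
    { order_id => 'ORDER-1001', amount => '25.00', currency => 'GBP', test_mode => '100' },
    { order_id => 'ORDER-1002', amount => '10.00', currency => 'GBP', test_mode => '100' },
    { order_id => 'ORDER-1001', amount => '25.00', currency => 'GBP' },
);

for my $cb (@callbacks) {
    my ($ok, $why) = verify_callback($cb);
    printf "%-10s test_mode=%-5s %s (%s)\n", $cb->{order_id},
        $cb->{test_mode} // 'none', $ok ? 'ACCEPT' : 'REJECT', $why;
}
```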