
jonc at webmaint
Sep 22, 2005, 3:02 PM
Important: Security flaw found in Interchange demo catalog.
A security flaw has been discovered in the Interchange demo catalog which allows an arbitrary user to inject Interchange Tag Language (ITL) into the forum/submit.html page. This affects catalogs built on the 'mike' demo and the 'standard' demo included with Interchange from version 4.9.3 (development) and 5.0 (stable).

The Interchange Development Group recommends that all vulnerable catalogs are immediately patched with the updated version of the forum/submit.html file. Alternatively, if the forum feature is not being used, the page can safely be removed. Whether or not the forum feature is being used, this page should be patched or removed.

Updated releases of Interchange, 5.0.2 and 5.2.1, are available; RPM versions will follow.

http://ftp.icdevgroup.org/interchange/5.0/tar/
http://ftp.icdevgroup.org/interchange/5.2/tar/

The daily build will be updated as of 23 September.

Jonathan Clark
on behalf of ICDEVGROUP.

_______________________________________________
interchange-announce mailing list
interchange-announce[at]icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-announce