Package: movabletype-opensource Version: 4.3.8+dfsg-0+squeeze2 Severity: grave Justification: remote command execution Tags: security patch
----- Forwarded message from Takeshi Nick Osanai <[email protected]> ----- Date: Tue, 8 Jan 2013 11:26:38 +0900 From: Takeshi Nick Osanai <[email protected]> To: mtos-dev <[email protected]> Subject: [Mtos-dev] Movable Type 4.38 patch to fix a known upgrading security issue X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 X-Urchin-Spam-Score-Int: -18 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.2 Dear MT community members, Six Apart has found a security issue and fixed it in Movable Type 4.2 and MT 4.3. For those of you who use Movable Type 4.2 and 4.3, Six Apart strongly recommends that you upgrade to the latest released version of Movable Type or execute the steps written in below entry. This vulnerability does not exist in Movable Type versions 5.0 or later, including the latest Movable Type, version 5.2.2. For more detail information, please see the entry. http://www.movabletype.org/2013/01/movable_type_438_patch.html -- ------------------------------------------------------------------------ Takeshi "Nick" Osanai Movable Type Product and Marketing Manager Six Apart, Ltd. [email protected] http://www.movabletype.org http://www.movabletype.jp ------------------------------------------------------------------------ _______________________________________________ Mtos-dev mailing list [email protected] http://ml.sixapart.com/mailman/listinfo/mtos-dev ----- End forwarded message ----- -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
