Hi, On Fri, 25.04.2008 at 19:21:16 +0200, Andreas Unterkircher <[EMAIL PROTECTED]> wrote: > Just want to confirm that my roundup installation also stopped working > after the security update - the same symptoms like Floris described.
> I was able to fix it like it was described by Floris, but for me it was > on the line 1749 (the whole file has 2698 lines). thanks... I'm terribly sorry for the mistake, and guess I have created a fix (tested yesterday or so by Floris) which is to say "escape=1" instead of the original "escape=0" in the offending position (your line number is correct, Floris' not). Could you please try to see if running with "escape=1" works for you as well? My reading of the source code suggests to me that running with escape=0 most likely re-opens the XSS problem that I meant to fix, so I'd prefer to say "escape=1", or a sound statement by someone who can read the code better than me, that my concern is unfounded... I've notified the security team yesterday about the breakage, and expect to go through the DSA release procedure again. Currently, I'm waiting for an answer from them. Kind regards, --Toni++ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]