Actually, I'm going to guess that this is the changeset you're looking for:
http://code.sixapart.com/trac/movabletype/changeset/3747/branches/fringale/lib/MT/App/Wizard.pm

Apparently, you could run the wizard even if the config existed, which I
SURMISE allowed you to run the config steps, thereby possibly disclosing
information about your server.

By the way, I have to heartily agree with Dominic: security bugs (especially)
should be public after release so that administrators and maintainers have
educated knowledge of the ways in which their non-updated systems are
vulnerable. Mozilla, Apache and other open source projects handle this
very well and should be looked upon for a decent model.

Jay Allen
Endevver Consulting
(415) 702-0045



On Wed, Aug 19, 2009 at 1:44 PM, Dominic Hargreaves <[email protected]> wrote:

> On Mon, Jul 27, 2009 at 11:56:37PM +0100, Dominic Hargreaves wrote:
> > Is anyone able to help with any information and a confirmed patch
> > for this issue which was reported with Movable Type before 4.261?
> >
> > My best guess is that it's
> >
> > http://code.sixapart.com/trac/movabletype/changeset?new=3829%40branches%2Ffringale&old=3818%40branches%2Ffringale
> >
> > but any confirmation would be welcome.
>
> Can anyone help? Or maybe let me see the details of bug 100769?
>
> Any help Six Apart can give would be really useful - let me know if
> there is a better way I (as a distro packager) can get in touch with
> people about these sorts of things.
>
> Dominic.
>
> --
> Dominic Hargreaves | http://www.larted.org.uk/~dom/
> PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
> _______________________________________________
> MTOS-dev mailing list
> [email protected]
> http://www.sixapart.com/mailman/listinfo/mtos-dev
>
