Hi,

About openacs and dotlrn packages, I don't think they are affected by any of the Xinha vulnerabilities [1][2][3]. The summary says:

"Xinha ships with several plugins that utilize PHP scripting for special usage, like the ImageManager or ExtendedFileManager. A 0-day security exploit has been reported available as of today that exploits the functionality of these plugins to upload malicious files to your webspace, to execute foreign code." [4]

It seems a PHP problem, and the proposed fix is just to remove a bunch of php files, so I guess the packages are safe because they don't use PHP at all, as well as the aolserver package. There is no way to execute that PHP code on openacs or dotlrn.

[1] http://security-tracker.debian.org/tracker/CVE-2011-1133
[2] http://security-tracker.debian.org/tracker/CVE-2011-1134
[3] http://security-tracker.debian.org/tracker/CVE-2011-1135
[4] http://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html

Cheers,
Héctor

