Hi, If you use Movabletype from Debian stable, you may be exposed to a possible SQL injection attack and remote code execution attack, as described at
http://www.movabletype.org/2013/01/movable_type_438_patch.html There is an update in the pipeline as discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697666 but you may wish to temporarily disable access to mt-upgrade.cgi (which should not affect normal operation of MT) until this is released. Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
