Thanks I've subscribed to the notification service as well!
Kola >> -----Original Message----- >> From: Lucas Sherwood [mailto:[EMAIL PROTECTED]] >> Sent: 13 January 2003 09:47 >> To: '[EMAIL PROTECTED]' >> Subject: RE: [ cf-dev ] Fw: New Macromedia Security Zone Bulletins Posted >> >> Umm... >> Yes and no... >> >> Yes, the updater (2) installs most of them but there are some after the >> updater... >> >> L. >> >> -----Original Message----- >> From: Kola Oyedeji [mailto:[EMAIL PROTECTED]] >> Sent: 13 January 2003 09:25 >> To: [EMAIL PROTECTED] >> Subject: RE: [ cf-dev ] Fw: New Macromedia Security Zone Bulletins Posted >> >> Lucas >> >> Thanks for the link. I wasn't aware so many patches had been released >> for CFMX. Are these included in any of the updaters or do these need to >> be applied along with the updaters? >> >> >> Thanks >> >> Kola >> >> >> -----Original Message----- >> >> From: Lucas Sherwood [mailto:[EMAIL PROTECTED]] >> >> Sent: 11 January 2003 09:52 >> >> To: [EMAIL PROTECTED] >> >> Subject: [ cf-dev ] Fw: New Macromedia Security Zone Bulletins Posted >> >> >> >> I don't know how many of you subscribe to the security zone mailing >> list >> >> but >> >> if you are an ISP this one is of interest... >> >> >> >> L. >> >> ----- Original Message ----- >> >> From: "Macromedia Security Zone" <[EMAIL PROTECTED]> >> >> To: <[EMAIL PROTECTED]> >> >> Sent: Friday, January 10, 2003 4:56 PM >> >> Subject: New Macromedia Security Zone Bulletins Posted >> >> >> >> >> >> > >> >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >> > IMPORTANT: >> >> > >> >> > Several security issues that may affect Macromedia JRun >> >> > and ColdFusion customers have come to our attention >> >> > recently. >> >> > >> >> > To learn about these new issues and what actions you can >> >> > take to address them, please visit the Security Zone at >> >> > the Macromedia website: >> >> > >> >> > http://www.macromedia.com/security >> >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >> > >> >> > MSPB03-01 - Patch available for ColdFusion MX Enterprise >> >> > Edition sandbox security issue that allows templates to >> >> > include arbitrary files. >> >> > >> >> > Originally Posted: January 9, 2003 >> >> > ~~~~~~~ >> >> > SUMMARY >> >> > >> >> > The <cfinclude> tag and the <cfmodule> tag will accept >> >> > filenames with relative paths as arguments. CFMX does >> >> > not check the Sandbox Security Files/Dirs permissions >> >> > before including files with these tags. This could >> >> > allow a template to access unauthorized data using >> >> > these tags. >> >> > >> >> > This does not affect any prior versions of ColdFusion. >> >> > >> >> > ~~~~~~~ >> >> > WHAT CUSTOMERS SHOULD DO: >> >> > >> >> > >> >> > We strongly encourage customers to download and install >> >> > this patch immediately. >> >> > >> >> > >> >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >> > Reporting Security Issues >> >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >> > >> >> > Macromedia is committed to addressing security issues and >> >> > providing customers with the information on how they can >> >> > protect themselves. If you identify what you believe may >> >> > be a security issue with a Macromedia product, please >> >> > send an e-mail to [EMAIL PROTECTED] We will work to >> >> > appropriately address and communicate the issue. >> >> > >> >> > ~~~~~~~ >> >> > Receiving Security Bulletins: >> >> > >> >> > When Macromedia becomes aware of a security issue that we >> >> > believe significantly affects our products or customers, >> >> > we will notify customers when appropriate. Typically, this >> >> > notification will be in the form of a security bulletin >> >> > explaining the issue and the response. Macromedia customers >> >> > who would like to receive notification of new security >> >> > bulletins when they are released can sign up for our >> >> > security notification service. >> >> > >> >> > For additional information on security issues at Macromedia, >> >> > please visit the Security Zone at: >> >> > >> >> > http://www.macromedia.com/security >> >> > >> >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >> > THE INFORMATION PROVIDED BY MACROMEDIA IN THIS BULLETIN >> >> > IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. >> >> > MACROMEDIA AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, >> >> > WHETHER EXPRESS OR IMPLIED OR OTHERWISE, INCLUDING THE >> >> > WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A >> >> > PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY OF >> >> > NON-INFRINGEMENT, TITLE OR QUIET ENJOYMENT. (USA ONLY) >> >> > SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED >> >> > WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. >> >> > >> >> > IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS BE >> >> > LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT >> >> > LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, >> >> > SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS >> >> > INTERRUPTION OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, >> >> > BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF >> >> > CONTRACT, BREACH OF WARRANTY, TORT(INCLUDING NEGLIGENCE), >> >> > PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC. >> >> > OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN >> >> > ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) >> >> > SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF >> >> > LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE >> >> > ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND >> >> > YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE >> >> > TO STATE. >> >> > >> >> > Macromedia reserves the right to update the information in >> >> > this document with current information. >> >> > >> >> >> >> >> >> -- >> >> ** Archive: >> http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ >> >> >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> For human help, e-mail: [EMAIL PROTECTED] >> >> >> -- >> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> For human help, e-mail: [EMAIL PROTECTED] >> >> -- >> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> For human help, e-mail: [EMAIL PROTECTED] -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
