So again we come to the question, what is the point of the update if it doesn't update itself and any othe rupdate sthat come out after it.
> -----Original Message----- > From: Lucas Sherwood [mailto:[EMAIL PROTECTED]] > Sent: 13 January 2003 09:47 > To: '[EMAIL PROTECTED]' > Subject: RE: [ cf-dev ] Fw: New Macromedia Security Zone > Bulletins Posted > > > Umm... > Yes and no... > > Yes, the updater (2) installs most of them but there are some > after the updater... > > L. > > -----Original Message----- > From: Kola Oyedeji [mailto:[EMAIL PROTECTED]] > Sent: 13 January 2003 09:25 > To: [EMAIL PROTECTED] > Subject: RE: [ cf-dev ] Fw: New Macromedia Security Zone > Bulletins Posted > > Lucas > > Thanks for the link. I wasn't aware so many patches had been > released for CFMX. Are these included in any of the updaters > or do these need to be applied along with the updaters? > > > Thanks > > Kola > > >> -----Original Message----- > >> From: Lucas Sherwood [mailto:[EMAIL PROTECTED]] > >> Sent: 11 January 2003 09:52 > >> To: [EMAIL PROTECTED] > >> Subject: [ cf-dev ] Fw: New Macromedia Security Zone > Bulletins Posted > >> > >> I don't know how many of you subscribe to the security zone mailing > list > >> but > >> if you are an ISP this one is of interest... > >> > >> L. > >> ----- Original Message ----- > >> From: "Macromedia Security Zone" <[EMAIL PROTECTED]> > >> To: <[EMAIL PROTECTED]> > >> Sent: Friday, January 10, 2003 4:56 PM > >> Subject: New Macromedia Security Zone Bulletins Posted > >> > >> > >> > > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >> > IMPORTANT: > >> > > >> > Several security issues that may affect Macromedia JRun and > >> > ColdFusion customers have come to our attention recently. > >> > > >> > To learn about these new issues and what actions you can take to > >> > address them, please visit the Security Zone at the Macromedia > >> > website: > >> > > >> > http://www.macromedia.com/security > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >> > > >> > MSPB03-01 - Patch available for ColdFusion MX > Enterprise Edition > >> > sandbox security issue that allows templates to include > arbitrary > >> > files. > >> > > >> > Originally Posted: January 9, 2003 > >> > ~~~~~~~ > >> > SUMMARY > >> > > >> > The <cfinclude> tag and the <cfmodule> tag will accept filenames > >> > with relative paths as arguments. CFMX does not check > the Sandbox > >> > Security Files/Dirs permissions before including files > with these > >> > tags. This could allow a template to access unauthorized data > >> > using these tags. > >> > > >> > This does not affect any prior versions of ColdFusion. > >> > > >> > ~~~~~~~ > >> > WHAT CUSTOMERS SHOULD DO: > >> > > >> > > >> > We strongly encourage customers to download and install > this patch > >> > immediately. > >> > > >> > > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >> > Reporting Security Issues > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >> > > >> > Macromedia is committed to addressing security issues > and providing > >> > customers with the information on how they can protect > themselves. > >> > If you identify what you believe may be a security issue with a > >> > Macromedia product, please send an e-mail to > [EMAIL PROTECTED] > >> > We will work to appropriately address and communicate the issue. > >> > > >> > ~~~~~~~ > >> > Receiving Security Bulletins: > >> > > >> > When Macromedia becomes aware of a security issue that > we believe > >> > significantly affects our products or customers, we will notify > >> > customers when appropriate. Typically, this notification > will be in > >> > the form of a security bulletin explaining the issue and the > >> > response. Macromedia customers who would like to receive > >> > notification of new security bulletins when they are > released can > >> > sign up for our security notification service. > >> > > >> > For additional information on security issues at > Macromedia, please > >> > visit the Security Zone at: > >> > > >> > http://www.macromedia.com/security > >> > > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >> > THE INFORMATION PROVIDED BY MACROMEDIA IN THIS BULLETIN > >> > IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MACROMEDIA AND > >> > ITS SUPPLIERS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS > OR IMPLIED > >> > OR OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND > >> > FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY OF > >> > NON-INFRINGEMENT, TITLE OR QUIET ENJOYMENT. (USA ONLY) > >> > SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED > >> > WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. > >> > > >> > IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS BE > LIABLE FOR > >> > ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DIRECT, > >> > INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, > COVER, LOSS > >> > OF PROFITS, BUSINESS INTERRUPTION OR THE LIKE, OR LOSS > OF BUSINESS > >> > DAMAGES, BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF > >> > CONTRACT, BREACH OF WARRANTY, TORT(INCLUDING NEGLIGENCE), > >> > PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC. > >> > OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN > >> > ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) > >> > SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF > >> > LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE > >> > ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND > >> > YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE > >> > TO STATE. > >> > > >> > Macromedia reserves the right to update the information in this > >> > document with current information. > >> > > >> > >> > >> -- > >> ** Archive: > http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > >> > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: > [EMAIL PROTECTED] For > >> human help, e-mail: [EMAIL PROTECTED] > > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] For human help, e-mail: > [EMAIL PROTECTED] > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] For human help, e-mail: > [EMAIL PROTECTED] > > -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
