Okay Any idea what is and is not covered by the second updater or is it safe to assume that any patches released after the release date of updater 2 are not included?
Thanks Kola >> -----Original Message----- >> From: Lucas Sherwood [mailto:[EMAIL PROTECTED]] >> Sent: 14 January 2003 12:31 >> To: '[EMAIL PROTECTED]' >> Subject: RE: [ cf-dev ] Fw: New Macromedia Security Zone Bulletins Posted >> >> ok to use microsoft speak... >> >> macromedia microsoft >> update service pack >> patch hotfix >> >> does that help? >> We don't do autoupdate as that is just not appropriate to production >> environments. >> >> L. >> -----Original Message----- >> From: Snake Hollywood [mailto:[EMAIL PROTECTED]] >> Sent: 13 January 2003 18:52 >> To: [EMAIL PROTECTED] >> Subject: RE: [ cf-dev ] Fw: New Macromedia Security Zone Bulletins Posted >> >> So again we come to the question, what is the point of the update if it >> doesn't update itself and any othe rupdate sthat come out after it. >> >> >> >> > -----Original Message----- >> > From: Lucas Sherwood [mailto:[EMAIL PROTECTED]] >> > Sent: 13 January 2003 09:47 >> > To: '[EMAIL PROTECTED]' >> > Subject: RE: [ cf-dev ] Fw: New Macromedia Security Zone >> > Bulletins Posted >> > >> > >> > Umm... >> > Yes and no... >> > >> > Yes, the updater (2) installs most of them but there are some >> > after the updater... >> > >> > L. >> > >> > -----Original Message----- >> > From: Kola Oyedeji [mailto:[EMAIL PROTECTED]] >> > Sent: 13 January 2003 09:25 >> > To: [EMAIL PROTECTED] >> > Subject: RE: [ cf-dev ] Fw: New Macromedia Security Zone >> > Bulletins Posted >> > >> > Lucas >> > >> > Thanks for the link. I wasn't aware so many patches had been >> > released for CFMX. Are these included in any of the updaters >> > or do these need to be applied along with the updaters? >> > >> > >> > Thanks >> > >> > Kola >> > >> > >> -----Original Message----- >> > >> From: Lucas Sherwood [mailto:[EMAIL PROTECTED]] >> > >> Sent: 11 January 2003 09:52 >> > >> To: [EMAIL PROTECTED] >> > >> Subject: [ cf-dev ] Fw: New Macromedia Security Zone >> > Bulletins Posted >> > >> >> > >> I don't know how many of you subscribe to the security zone mailing >> > list >> > >> but >> > >> if you are an ISP this one is of interest... >> > >> >> > >> L. >> > >> ----- Original Message ----- >> > >> From: "Macromedia Security Zone" <[EMAIL PROTECTED]> >> > >> To: <[EMAIL PROTECTED]> >> > >> Sent: Friday, January 10, 2003 4:56 PM >> > >> Subject: New Macromedia Security Zone Bulletins Posted >> > >> >> > >> >> > >> > >> > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > >> > IMPORTANT: >> > >> > >> > >> > Several security issues that may affect Macromedia JRun and >> > >> > ColdFusion customers have come to our attention recently. >> > >> > >> > >> > To learn about these new issues and what actions you can take to >> > >> > address them, please visit the Security Zone at the Macromedia >> > >> > website: >> > >> > >> > >> > http://www.macromedia.com/security >> > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > >> > >> > >> > MSPB03-01 - Patch available for ColdFusion MX >> > Enterprise Edition >> > >> > sandbox security issue that allows templates to include >> > arbitrary >> > >> > files. >> > >> > >> > >> > Originally Posted: January 9, 2003 >> > >> > ~~~~~~~ >> > >> > SUMMARY >> > >> > >> > >> > The <cfinclude> tag and the <cfmodule> tag will accept filenames >> > >> > with relative paths as arguments. CFMX does not check >> > the Sandbox >> > >> > Security Files/Dirs permissions before including files >> > with these >> > >> > tags. This could allow a template to access unauthorized data >> > >> > using these tags. >> > >> > >> > >> > This does not affect any prior versions of ColdFusion. >> > >> > >> > >> > ~~~~~~~ >> > >> > WHAT CUSTOMERS SHOULD DO: >> > >> > >> > >> > >> > >> > We strongly encourage customers to download and install >> > this patch >> > >> > immediately. >> > >> > >> > >> > >> > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > >> > Reporting Security Issues >> > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > >> > >> > >> > Macromedia is committed to addressing security issues >> > and providing >> > >> > customers with the information on how they can protect >> > themselves. >> > >> > If you identify what you believe may be a security issue with a >> > >> > Macromedia product, please send an e-mail to >> > [EMAIL PROTECTED] >> > >> > We will work to appropriately address and communicate the issue. >> > >> > >> > >> > ~~~~~~~ >> > >> > Receiving Security Bulletins: >> > >> > >> > >> > When Macromedia becomes aware of a security issue that >> > we believe >> > >> > significantly affects our products or customers, we will notify >> > >> > customers when appropriate. Typically, this notification >> > will be in >> > >> > the form of a security bulletin explaining the issue and the >> > >> > response. Macromedia customers who would like to receive >> > >> > notification of new security bulletins when they are >> > released can >> > >> > sign up for our security notification service. >> > >> > >> > >> > For additional information on security issues at >> > Macromedia, please >> > >> > visit the Security Zone at: >> > >> > >> > >> > http://www.macromedia.com/security >> > >> > >> > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > >> > THE INFORMATION PROVIDED BY MACROMEDIA IN THIS BULLETIN >> > >> > IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MACROMEDIA AND >> > >> > ITS SUPPLIERS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS >> > OR IMPLIED >> > >> > OR OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND >> > >> > FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY OF >> > >> > NON-INFRINGEMENT, TITLE OR QUIET ENJOYMENT. (USA ONLY) >> > >> > SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED >> > >> > WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. >> > >> > >> > >> > IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS BE >> > LIABLE FOR >> > >> > ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DIRECT, >> > >> > INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, >> > COVER, LOSS >> > >> > OF PROFITS, BUSINESS INTERRUPTION OR THE LIKE, OR LOSS >> > OF BUSINESS >> > >> > DAMAGES, BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF >> > >> > CONTRACT, BREACH OF WARRANTY, TORT(INCLUDING NEGLIGENCE), >> > >> > PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC. >> > >> > OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN >> > >> > ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) >> > >> > SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF >> > >> > LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE >> > >> > ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND >> > >> > YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE >> > >> > TO STATE. >> > >> > >> > >> > Macromedia reserves the right to update the information in this >> > >> > document with current information. >> > >> > >> > >> >> > >> >> > >> -- >> > >> ** Archive: >> > http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ >> > >> >> > >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> > >> For additional commands, e-mail: >> > [EMAIL PROTECTED] For >> > >> human help, e-mail: [EMAIL PROTECTED] >> > >> > >> > -- >> > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ >> > >> > To unsubscribe, e-mail: [EMAIL PROTECTED] >> > For additional commands, e-mail: >> > [EMAIL PROTECTED] For human help, e-mail: >> > [EMAIL PROTECTED] >> > >> > -- >> > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ >> > >> > To unsubscribe, e-mail: [EMAIL PROTECTED] >> > For additional commands, e-mail: >> > [EMAIL PROTECTED] For human help, e-mail: >> > [EMAIL PROTECTED] >> > >> > >> >> >> >> -- >> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> For human help, e-mail: [EMAIL PROTECTED] >> >> -- >> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> For human help, e-mail: [EMAIL PROTECTED] -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
