Peter: I'm actually going to wait until they contact me. I read about the XSS vuln and their apparent lack of resolution for the issue. (http://www.1337day.com/exploits/15369)
Vathral: I figured out how exploited our instance by looking through the source and mucking about. I'm actually surprised that it wasn't found long ago. :( I even wrote a quick step-by-step to both duplicate the issue(log in as an admin) and a patch to the source. The patch however would show the exploit fairly easily so I'm concerned about releasing that detail. _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
