Is there a list we can subscribe to get notified of security updates? I'd like to have them forwarded to an email I check more often.
-Greg Clute

On Mon, Feb 1, 2010 at 10:15 AM, Brion Vibber <br...@status.net> wrote:
> Download links will be added to the alert page:
> http://status.net/wiki/Security_alert_0000002
>
> ---------
>
> All release versions of StatusNet (0.7.x, 0.8.x, 0.9.x) are subject to a
> local file include vulnerability that makes it possible for an attacker to
> read arbitrary files on the file system. The vulnerability is in the online
> documentation system.
>
> Additionally, beta versions of StatusNet (0.9.x) are subject to a local file
> include vulnerability in the system for sharing uploaded files in a private
> site.
>
> Thanks to Mark Piper for identifying the first vulnerability and to Brion
> Vibber for finding the similar second one.
>
> == News ==
> * 1 Feb 2010 09:00AM EST - vulnerability reported.
> * 1 Feb 2010 10:30AM EST - vulnerability confirmed.
> * 1 Feb 2010 12:00PM EST - fixes pushed to 0.7.x, 0.8.x, 0.9.x, master,
>   testing branches in Git.
> * 1 Feb 2010 12:00PM EST - fixes pushed to status.net cloud service and
>   applied to all sites including identi.ca.
>
> == Fix ==
>
> Currently fixes are available in all branches of the project on gitorious.
>
> New releases of all branches will be made available this afternoon EST.
>
> ---------
>
> -- brion vibber (brion @ status.net)
> Senior Software Architect
> StatusNet, Inc.
> San Francisco
> _______________________________________________
> StatusNet-dev mailing list
> StatusNet-dev@lists.status.net
> http://lists.status.net/mailman/listinfo/statusnet-dev