Thank you both for the clarification.
julius

On Wednesday, 13 October 2010 at 11:48 -0700, mdipierro wrote:
> I have seen previous "security reports" from them about PyForum. Those
> that I have checked were bogus.
> 
> Massimo
> 
> On Oct 13, 11:55 am, Julio Schwarzbeck <[email protected]> wrote:
> > Hi this is Julio, pyforum author.  I just wanted to clarify a few
> > things here.
> >
> > On Dec 9, 2009, I was contacted by this
> > "Nam Nguyen" from bluemoon.com.vn (Viet Nam) domain.
> >
> > This gentleman stated that he had "discovered" several XSS
> > vulnerabilities in pyforum, and in order to "disclose" them to me, I
> > had to enter into some kind of agreement with him (read: pay him money);
> > my "punishment" for not complying with this would result in spreading
> > this information around (I guess his "security firm" does not carry
> > enough weight so he needed to go to the usual channels, Secunia being
> > one of them).
> >
> > After more than a year he has failed to provide even one simple proof
> > of concept so I can potentially fix it.
> >
> > All of this leads me to believe that such a vulnerability indeed does
> > not exist and that this individual's intentions were none other than
> > trying to dishonestly obtain monetary gains.
> >
> > pyforum is open source software and its source code is available for
> > anyone to view.
> >
> > Hope this clarifies the issue, Cheers,
> >
> > Julio F Schwarzbeck.
> >
> > On Oct 12, 9:12 am, Julius Minka <[email protected]> wrote:
> >
> > > There is a security issue reported here: http://secunia.com/advisories/37764
> >
> > > Is any fix available?
> > > Are there any plans to further develop pyforum?
> > > I am asking because I am considering pyforum as a base for a bigger
> > > communication app.
> >
> >

