[Popfile-announce] Patch Available: Password Vulnerability

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

The password vulnerability I previously reported is being patched (by Sam)
for a small v0.18.2 release, but to get the fix in the hands of people ASAP
I am releasing a tiny patch that removes the problem.

This patch applies to the v0.18.1 Windows and Cross Platform versions and
consists of a replacement for the file HTML.pm which is found in the POPFile
directory in the subdirectory called UI.

1. Locate the file HTML.pm on your computer.  For Windows users this is
usually in C:\Program Files\POPFile\UI.  It is always in the UI subdirectory
of the directory POPFile was installed in.

2. Obtain the patch here: http://popfile.sourceforge.net/HTML.pm and save it
as HTML.pm on your computer.

3. Shutdown POPFile

4. Copy the HTML.pm you downloaded on top of the HTML.pm that was on your
machine.

5. Start POPFile

6. Visit any page on the POPFile UI and verify that at the bottom it says
v0.18.1 (PATCHED).  The word (PATCHED) indicates that you have installed
this security patch.

To read details of the vulnerability go here:
http://sourceforge.net/forum/forum.php?thread_id=872438&forum_id=213099.
Note the MOST users DO NOT need this patch and can safely wait for v0.18.2
or v0.19.0.  Please read the description of the problem to determine if you
need it.

John.