As of 15:30 PM Eastern Time, July 4, 2007, all existing versions of
slidePresenter were found to contain a security flaw in which certain
server-executable files may be written by an attacker having
write-access to the web server. Although no known flaws in
slidePresenter provide that access, I have no way of confirming the same
is true of all other services running on a web server.
Therefore, all archived versions of slidePresenter are being pulled from
the download site at sourceforge.net until this vulnerability has been
patched.
Existing slidePresenter users in shared hosting environments are
encouraged to discontinue use of slidePresenter until a patched version
can be installed.
I expect to have a patched version for the slidePresenter-0.30 branch
released by end of day on July 4, 2007. Users of previous versions will
be encouraged to upgrade to that patched 0.30 release.
Subscribers to the slides-announce list will be notified when patched
versions have been released.
--
Allen Shaw
Polymer (http://polymerdb.org)
slidePresenter (http://slides.sourceforge.net)
|
