From: mose <mo...@ti...> - 2006-05-30 14:28:41
|
le Tue, May 30, 2006 at 01:11:11PM +0200 par Javier Arantegui : > Hi! >=20 > One of my users has send me this link: >=20 > TikiWiki Multiple Cross-Site Scripting Vulnerabilities > http://www.securityfocus.com/bid/18143/info >=20 > Is this something I should worry about? - yes. Security team got a notice friday (from blwood), and=20 everything is already fixed in CVS.=20 A 1.9.4 version of tikiwiki will be realesed asap, including those fixes. For the ones in hurry, all fixes are done in tiki-setup_base.php, with better checks on vars. You can just get the file and replace yours: http://tikiwiki.cvs.sourceforge.net/*checkout*/tikiwiki/tiki/tiki-setup_bas= e.php?revision=3D1.78.2.37 cheers, mose >=20 > Javier >=20 >=20 > --=20 > Javier Ar=E1ntegui > Dept. Tecnologia de Alimentos / Dept. of Food Technology > Universitat de Lleida / University of Lleida (Spain) > =20 > Tel. +34 973702595 > Fax +34 973702596 > IM: Jabber - javier.arantegui (AT) jabberes.org > http://www.tecal.udl.es >=20 >=20 > ------------------------------------------------------- > All the advantages of Linux Managed Hosting--Without the Cost and Risk! > Fully trained technicians. The highest number of Red Hat certifications in > the hosting industry. Fanatical Support. Click to learn more > http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=107521&bid$8729&dat=121642 > _______________________________________________ > Tikiwiki-users mailing list > Tik...@li... > https://lists.sourceforge.net/lists/listinfo/tikiwiki-users |