[pkg-mt-om-devel] Bug#697666: movabletype-opensource: mt-upgrade.cgi vulnerability

Dominic Hargreaves dom at earth.li
Tue Jan 8 07:52:25 UTC 2013


Package: movabletype-opensource
Version: 4.3.8+dfsg-0+squeeze2
Severity: grave
Justification: remote command execution
Tags: security patch

----- Forwarded message from Takeshi Nick Osanai <tosanai at sixapart.com> -----

Date: Tue, 8 Jan 2013 11:26:38 +0900
From: Takeshi Nick Osanai <tosanai at sixapart.com>
To: mtos-dev <mtos-dev at ml.sixapart.com>
Subject: [Mtos-dev] Movable Type 4.38 patch to fix a known upgrading
	security issue
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.3.1
X-Urchin-Spam-Score-Int: -18
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.2

Dear MT community members,

Six Apart has found a security issue and fixed it in Movable Type 4.2
and MT 4.3.
For those of you who use Movable Type 4.2 and 4.3, Six Apart strongly
recommends that you upgrade to the latest released version of Movable
Type or execute the steps  written in below entry.
This vulnerability does not exist in Movable Type versions 5.0 or
later, including the latest Movable Type, version 5.2.2.

For more detail information, please see the entry.

http://www.movabletype.org/2013/01/movable_type_438_patch.html



-- 
------------------------------------------------------------------------
Takeshi "Nick" Osanai
Movable Type Product and Marketing Manager

Six Apart, Ltd.
tosanai at sixapart.com
http://www.movabletype.org
http://www.movabletype.jp
------------------------------------------------------------------------
_______________________________________________
Mtos-dev mailing list
Mtos-dev at ml.sixapart.com
http://ml.sixapart.com/mailman/listinfo/mtos-dev

----- End forwarded message -----

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)



More information about the pkg-mt-om-devel mailing list