Package: movabletype-opensource
Version: 4.3.8+dfsg-0+squeeze2
Severity: grave
Justification: remote command execution
Tags: security patch
----- Forwarded message from Takeshi Nick Osanai <tosa...@sixapart.com> -----
Date: Tue, 8 Jan 2013 11:26:38 +0900
From: Takeshi Nick Osanai <tosa...@sixapart.com>
To: mtos-dev <mtos-...@ml.sixapart.com>
Subject: [Mtos-dev] Movable Type 4.38 patch to fix a known upgrading
security issue
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
version=3.3.1
X-Urchin-Spam-Score-Int: -18
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.2
Dear MT community members,
Six Apart has found a security issue and fixed it in Movable Type 4.2
and MT 4.3.
For those of you who use Movable Type 4.2 and 4.3, Six Apart strongly
recommends that you upgrade to the latest released version of Movable
Type or execute the steps written in below entry.
This vulnerability does not exist in Movable Type versions 5.0 or
later, including the latest Movable Type, version 5.2.2.
For more detail information, please see the entry.
http://www.movabletype.org/2013/01/movable_type_438_patch.html
--
------------------------------------------------------------------------
Takeshi "Nick" Osanai
Movable Type Product and Marketing Manager
Six Apart, Ltd.
tosa...@sixapart.com
http://www.movabletype.org
http://www.movabletype.jp
------------------------------------------------------------------------
_______________________________________________
Mtos-dev mailing list
mtos-...@ml.sixapart.com
http://ml.sixapart.com/mailman/listinfo/mtos-dev
----- End forwarded message -----
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
