Bugtraq mailing list archives
Re: Insecure handling of notes in Slashcode
From: Chris Nandor <pudge () osdn com>
Date: Sun, 9 Sep 2001 10:48:40 -0400
I just want to clarify that the Plastic issue (and best wishes to Joey et al to get access so they can fix the problem) is *not* an issue with Slash. Their messaging system is their own. The messaging system to be released with Slash 2.2 is unrelated to Plastic's system. There is no vulnerability issue here with Slash, only with sites using Plastic's messaging "plugin" to Slash (and I know of no other sites doing so). http://www.net-security.org/text/bugs/999961861,49159,.shtml The original notice at net-security.org stated that they looked at the Slash bug database for mention of the issue and found none, and that they did not know what versions of Slash were affected, and that they did not know if this was a Slash thing or a Plastic thing. Simply contacting the Slash mailing lists, filing a bug report, or contacting us directly would have cleared it up immediately. Yay. Joey, good luck in getting this fixed, -- Chris Nandor pudge () pobox com http://pudge.net/ Open Source Development Network pudge () osdn com http://osdn.com/
Current thread:
- Insecure handling of notes in Slashcode jesus lovejones (Sep 08)
- Message not available
- Re: Insecure handling of notes in Slashcode Anuff Joey (Sep 08)
- Message not available
- <Possible follow-ups>
- Re: Insecure handling of notes in Slashcode Chris Nandor (Sep 09)