[22580] in bugtraq
Re: Insecure handling of notes in Slashcode
daemon@ATHENA.MIT.EDU (Chris Nandor)
Sun Sep 9 15:24:23 2001
Mime-Version: 1.0
Message-Id: <p0510030eb7c12fb584a3@[10.0.1.177]>
In-Reply-To: <15259.31256.74000.672729@gargle.gargle.HOWL>
Date: Sun, 9 Sep 2001 10:48:40 -0400
To: brain_eater@zombieworld.com, bugtraq@securityfocus.com,
joey@automatic-media.com
From: Chris Nandor <pudge@osdn.com>
Content-Type: text/plain; charset="us-ascii"
I just want to clarify that the Plastic issue (and best wishes to Joey et
al to get access so they can fix the problem) is *not* an issue with Slash.
Their messaging system is their own. The messaging system to be released
with Slash 2.2 is unrelated to Plastic's system. There is no vulnerability
issue here with Slash, only with sites using Plastic's messaging "plugin"
to Slash (and I know of no other sites doing so).
http://www.net-security.org/text/bugs/999961861,49159,.shtml
The original notice at net-security.org stated that they looked at the
Slash bug database for mention of the issue and found none, and that they
did not know what versions of Slash were affected, and that they did not
know if this was a Slash thing or a Plastic thing. Simply contacting the
Slash mailing lists, filing a bug report, or contacting us directly would
have cleared it up immediately.
Yay.
Joey, good luck in getting this fixed,
--
Chris Nandor pudge@pobox.com http://pudge.net/
Open Source Development Network pudge@osdn.com http://osdn.com/
