On Fri, Mar 04, 2005 at 12:06:37AM +0100, Sebastian Wolfgarten wrote: > I am pretty sure Fabian (Neonomicus) meant *every link* (or > site) generated by Typo3, didn't he? Even if he did, it would be just as incorrect as the original Subject. > @Fabian (Neonomicus): Could you please provide more details > about the vulnerability you've discoveredl? By the way did you > give the Typo3 guys *enough* time to respond??? Most likely it was some weird way of contacting them in the first place: posting the message to BTS resulted in an updated extension version being published within some 5 hours, security announce on the website ("Severity: high") and a reminder on contact address (typo3-project-security>lists.netfielders.de). PS: when choosing "the next CMS", one of our considerations was virtually empty bugtraq coverage (with the code being public since 2000 and used on quite a few sites). Go figure :-) -- ---- WBR, Michael Shigorin <mike@xxxxxxxxxxx> ------ Linux.Kiev http://www.linux.kiev.ua/
Attachment:
pgpRMr8toan8V.pgp
Description: PGP signature