Re: Ejabberd : Symlink vulnerability during installation process

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Ejabberd : Symlink vulnerability during installation process
From: mickael.remond@xxxxxxxxxxxxxxx
Date: 3 May 2006 21:23:22 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

The problem was in the software generating the installer. We have worked with 
their team and they have been very responsive.

The problem has been fixed with the release of a new installer version (Less 
than one day, about 12  jours :-):
Version: ejabberd-1.1.1_2-linux-installer.bin
Download page: 
http://www.process-one.net/en/projects/ejabberd/download.html#binaries

Note that the problem was not on ejabberd itself but on its installer 
generation tool, which is a third-party installer generator software.

Best regards,

-- 
Mickaël Rémond
http://www.process-one.net/

Prev by Date: Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
Next by Date: [SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
Previous by thread: Ejabberd : Symlink vulnerability during installation process
Next by thread: geoBlog Mutiple XSS Vulnerability
Index(es):
- Date
- Thread