NYCPHP Meetup

NYPHP.org

[mambo] Mambo 4.5.2.2 is out! [SECURITY PATCH]

kirill at hostnetservices.com kirill at hostnetservices.com
Thu Jun 2 11:39:26 EDT 2005


Mitch,

The only patch I see is for 4.5.2, but I have one site that is using 
4.5.1. 

Also what modules are affected - I looked at the 4.5.2.2  patch and see 
only two files:

frontend.html.php
content.html.php

Thanks,

Kirill



Mitch Pirtle <mitch.pirtle at gmail.com> 
Sent by: mambo-bounces at lists.nyphp.org
06/02/2005 12:14 AM

Please respond to
"NYPHP SIG: Mambo" <mambo at lists.nyphp.org>


To
"NYPHP SIG: Mambo" <mambo at lists.nyphp.org>
cc

Subject
[mambo] Mambo 4.5.2.2 is out! [SECURITY PATCH]






Hi gang,

Apologies for the cross post.

There was a security issue found in the included domit-xml xml parsing
library in the current version of Mambo, which we have fixed with this
release (4.5.2.2). The vulnerability includes information disclosure,
including the contents of your configuration.php - so this is an
immediate, critical upgrade.

You can get the full version or patch at MamboForge:

    http://mamboforge.net/frs/?group_id=5

--
Mitch Pirtle
Mambo Core Developer
_______________________________________________
New to Mambo? Get a great start here:
http://forum.mamboserver.com/showthread.php?tB100

New York PHP SIG: Mambo Mailing List
AMP Technology
Supporting Apache, MySQL, PHP &amp; Mambo!
http://lists.nyphp.org/mailman/listinfo/mambo
http://www.nyphp.org

ForwardSourceID:NT0002EA9A 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20050602/c565caaf/attachment.html>


More information about the Joomla mailing list