Namazu-devel-ja($B5l(B)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.0.8pre1 (Re: Namazu v2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

From: knok@xxxxxxxxxxxxx (NOKUBI Takatsugu)
Date: Tue, 27 Nov 2001 11:48:56 JST
X-ml-name: namazu-devel-ja
X-mail-count: 02136

<200111270204.LAA18903@xxxxxxxxxxxxx>$B$N5-;v$K$*$$$F(B
$B;d$O=q$-$^$7$?!#(B
(B
(B>>   $B$H$j$"$($:!":#(B make check $B$r$7$F$$$k$H$3$m$G$9!#(B
(B
(B  Debian sid $B$K$G(B make check $B$,A4$FDL$k$3$H$r3NG'$7$^$7$?!#$G$-$l$P:#(B
$B2s$N(B fix $B$KBP1~$7$?(B test script $B$r=q$-$?$$$H$3$m$G$9$,!"$^$:$O%j%j!<%9(B
$B$rK;$.$^$7$g$&!#(B
(B
(B>> * ML $B$X$N%"%J%&%s%9J8LL$N:n@.(B
(B
(B  $B$H$j$"$($:=q$$$F$_$^$7$?$N$G!"$3$N%a!<%k$N:G8e$K:\$;$F$*$-$^$9!#=$@5(B
$B4?7^(B($BFC$K1Q8lJ8LL(B ^^; $B;~@)$,$A$g$C$H$*$+$7$$$h$&$J(B...)$B!#(B
(B
(B>> * $BCxL>$J(B web site $B$X$NO"Mm(B
(B
(B  $B$H$j$"$($:(B slashdot $B$"$?$j$r9M$($F$$$^$9$,!"CxL>$J%K%e!<%9%5%$%H$"$?(B
$B$j$K$bEj$2$?J}$,$$$$$G$9$+$M(B?
(B
(B>> * $B$=$N6Z$N(B ML $B$X$NO"Mm(B (BUGTRAQ-J?)
(B
(B  memo ML $B$K$bEj$2$^$7$g$&!#(B
(B
(B>> * $B9bLZ$5$s$X$NJV?.(B
(B
(B  $B$3$l$O;d$+$iJV?.$r$7$F$*$-$^$9!#(B
(B
(B--
(B  Namazu 2.0.8 $B$r%j%j!<%9$7$^$7$?!#(B
(B
(B<http://www.namazu.org/stable/namazu-2.0.8.tar.gz>
(B<ftp://ftp.namazu.org/namazu/stable/namazu-2.0.8.tar.gz>
(B
(B  $B:#2s$O(B namazu.cgi $B$K@x$s$G$$$?%/%m%9%5%$%H%9%/%j%W%F%#%s%0LdBj$X$NBP(B
$B:v$N$?$a$@$1$N%j%j!<%9$G$9!#(BNamazu $BC1BN$G$O(B cookie $B$NMxMQ$r$7$F$$$J$$(B
$B$?$a!"$=$N>l9g$O4m81EY$O$=$l$[$I9b$/$"$j$^$;$s!#$7$+$7!"MxMQl9g$K$O$=$N(B cookie $B$,Bh;0)$7$^$9!#(B
(B
(B  $B%/%m%9%5%$%H%9%/%j%W%F%#%s%0LdBj$K4X$7$F$O!"0J2<$N>pJs$,;29M$K$J$j$^(B
$B$9!#(B
(B
(BWeb$B%5%$%H$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0@HpJs(B
(B($B>pJs=hM}?J9T;v6H6(2q%;%-%e%j%F%#%;%s%?!<(B)
(Bhttp://www.ipa.go.jp/security/ciadr/20011023css.html
(B
(BCA-2000-02: Malicious HTML Tags Embedded in Client Requests
(B(CERT)
(Bhttp://www.cert.org/advisories/CA-2000-02.html
(B
(B--
(B
(BNamazu 2.0.8 was released.
(B
(B<http://www.namazu.org/stable/namazu-2.0.8.tar.gz>
(B<ftp://ftp.namazu.org/namazu/stable/namazu-2.0.8.tar.gz>
(B
(BThis release is a security fix for cross site scripting probrem in
(Bnamazu.cgi.  Namazu itself is not so dangerous because it don't use
(BHTTP cookie. However, if a user uses Namazu with HTTP cookie, the
(Bcookie may be disclosed by a third party.  If you are conformed with
(Bthe case or not, we recommend you to upgrade this version of namazu.cgi.
(B
(BHelpful information about "Cross site scripting" is the following:
(B
(BCA-2000-02: Malicious HTML Tags Embedded in Client Requests
(B(CERT)
(Bhttp://www.cert.org/advisories/CA-2000-02.html
(B-- 
$BLn




Follow-Ups:

 Re: 2.0.8pre1 (Re: Namazu v2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H
From: Kenji Suzuki




References:

 Re: 2.0.8pre1 (Re: Namazu v2.0.7	$B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H
From: NOKUBI Takatsugu





Prev by Date:
 Re: 2.0.8pre1 (Re: Namazu v2.0.7	$B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

Next by Date:
 Re: Namazuv2.0.7 $B$K%/%m%9%5%$%H(B$B%9%/%j%W%F%#%s%0@H

Previous by thread:
 Re: 2.0.8pre1 (Re: Namazu v2.0.7	$B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

Next by thread:
 Re: 2.0.8pre1 (Re: Namazu v2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

Index(es):

Date
Thread

Namazu-devel-ja($B5l(B)

Namazu-devel-ja($B5l(B)