Namazu-devel-ja($B5l(B)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Namazuv2.0.7 $B$K%/%m%9%5%$%H(B$B%9%/%j%W%F%#%s%0@H

From: knok@xxxxxxxxxxxxx (NOKUBI Takatsugu)
Date: Tue, 27 Nov 2001 11:59:29 JST
X-ml-name: namazu-devel-ja
X-mail-count: 02137

  Namazu Project $B$NLn\:Y$rCN$C$?;~E@$G!":#2s$NLdBj$K5$IU$-$^$7$?!#$b$C$HAa$/(B
(B>> $B8+$D$1=P$7$F$*$/$Y$-$H$3$m!"NO5Z$P$J$+$C$?$N$,L5G0$G$9!#(B
(B
(B  $B2a5n$K$*$$$F!"8D?ME*$K9bLZ$5$s$N%;%-%e%j%F%#$K4X$9$k9V1i$r;G$C$F$$$^(B
$B$7$?$N$G!"$=$N;~$K(B &quot; $B$K4X$9$kLdBj$K$D$$$F$b$C$H$7$C$+$j%3!<%I$ND4(B
$B::$r9T$J$&$Y$-$@$C$?$H!"8D?ME*$K8e2y$7$F$*$j$^$9!#(B
(B
(B>> $B$<$R$H$b9pCNMQ$N%j%9%H$rMQ0U$5$l$F!":#8e8+$D$+$jF@$k@HpJs$b(B
$B$"$k$+$H;W$$$^$9!#5l%P!<%8%g%s$X$NBP1~$d>pJs8x3+$r4^$a!"%j%j!<%9http://www.namazu.org/stable/namazu-2.0.8.tar.gz>
(B<ftp://ftp.namazu.org/namazu/stable/namazu-2.0.8.tar.gz>
(B
(B  $B:#2s$O(B namazu.cgi $B$K@x$s$G$$$?%/%m%9%5%$%H%9%/%j%W%F%#%s%0LdBj$X$NBP(B
$B:v$N$?$a$@$1$N%j%j!<%9$G$9!#(BNamazu $BC1BN$G$O(B cookie $B$NMxMQ$r$7$F$$$J$$(B
$B$?$a!"$=$N>l9g$O4m81EY$O$=$l$[$I9b$/$"$j$^$;$s!#$7$+$7!"MxMQl9g$K$O$=$N(B cookie $B$,Bh;0)$7$^$9!#(B
(B
(B  $B%/%m%9%5%$%H%9%/%j%W%F%#%s%0LdBj$K4X$7$F$O!"0J2<$N>pJs$,;29M$K$J$j$^(B
$B$9!#(B
(B
(BWeb$B%5%$%H$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0@HpJs(B
(B($B>pJs=hM}?J9T;v6H6(2q%;%-%e%j%F%#%;%s%?!<(B)
(Bhttp://www.ipa.go.jp/security/ciadr/20011023css.html
(B
(BCA-2000-02: Malicious HTML Tags Embedded in Client Requests
(B(CERT)
(Bhttp://www.cert.org/advisories/CA-2000-02.html
(B
(B--
(B
(BNamazu 2.0.8 was released.
(B
(B<http://www.namazu.org/stable/namazu-2.0.8.tar.gz>
(B<ftp://ftp.namazu.org/namazu/stable/namazu-2.0.8.tar.gz>
(B
(BThis release is a security fix for cross site scripting probrem in
(Bnamazu.cgi.  Namazu itself is not so dangerous because it don't use
(BHTTP cookie. However, if a user uses Namazu with HTTP cookie, the
(Bcookie may be disclosed by a third party.  If you are conformed with
(Bthe case or not, we recommend you to upgrade this version of namazu.cgi.
(B
(BHelpful information about "Cross site scripting" is the following:
(B
(BCA-2000-02: Malicious HTML Tags Embedded in Client Requests
(B(CERT)
(Bhttp://www.cert.org/advisories/CA-2000-02.html
(B-- 
$BLn




Follow-Ups:

 Re: Namazuv2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H
From: Kenji Suzuki




References:

 Re: Namazu v2.0.7 $B$K%/%m%9%5%$%H%9%/%j(B$B%W%F%#%s%0@H
From: TAKAGI, Hiromitsu





Prev by Date:
 Re: 2.0.8pre1 (Re: Namazu v2.0.7	$B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

Next by Date:
 Re: Namazuv2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

Previous by thread:
 Re: Namazuv2.0.7 	$B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

Next by thread:
 Re: Namazuv2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

Index(es):

Date
Thread

Namazu-devel-ja($B5l(B)

Namazu-devel-ja($B5l(B)