[ZendTo] Re: ZendTo: Release 4.11-13

Jules Jules at Zend.To
Tue Dec 17 10:45:51 GMT 2013 

On 17/12/2013 09:26, Harris, David wrote:
> Hi,
>
> Is this the vulnerability I picked up with our Nessus scanner?
Don't know. It's CVE-2013-6808.
>
> Also, I'm a bit of a linux idiot - what's the best way to perform the updates??
If you're running RedHat/CentOS or any other yum based system then just
     yum update zendto
should work.
If you're running Ubuntu/Debian or any other apt based system then
     apt-get update
     apt-get upgrade zendto
should work.

Jules.

>
> Dave
>
>
> -----Original Message-----
> From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Jules
> Sent: 14 December 2013 13:47
> To: ZendTo Users
> Subject: [ZendTo] ZendTo: Release 4.11-13
>
> Folks,
>
> I have just released a new version to fix the vulnerability found by Richard Rogerson in ZendTo. It's a cross-site scripting vulnerability that I let through by mistake.
> I have done a similar test to the one Richard used to demonstrate it, and the fault is now caught correctly.
>
> Please upgrade and let me know that it works for you!
>
> Jules
>
> --
> Julian Field MEng MBCS CITP CEng
>
> South-east Iceland: Cyclonic, 5 to 7, increasing gale 8 to storm 10 in east.
> Very rough or high. Rain or squally showers. Good, occasionally poor.
>
> www.Zend.To
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
>
> Jules
>
> -- 
> Julian Field MEng MBCS CITP CEng
>
> 'Adversity is like a strong wind. I don't mean just that it holds
>   us back from places we might otherwise go. It also tears away from
>   us all but the things that cannot be torn, so that afterward we see
>   ourselves as we really are, and not merely as we might like to be.'
>   - Arthur Golden
>
> www.Zend.To
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the ZendTo mailing list