Namazu-devel-ja($B5l(B)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Namazuv2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H
From: knok@xxxxxxxxxxxxx (NOKUBI Takatsugu)
Date: Tue, 27 Nov 2001 14:58:43 JST
X-ml-name: namazu-devel-ja
X-mail-count: 02144
<20011127031743.C521C579A2@xxxxxxxxxxxxxxxxxx>$B$N5-;v$K$*$$$F(B
(Bkenji@xxxxxxxxxxxxxxxx$B$5$s$O=q$-$^$7$?!#(B
(B
(B>> > Namazu itself is not so dangerous because it don't use
(B>> > HTTP cookie.
(B>> 
(B>> Namazu itself does not affected by the security hole, because
(B>> it doesn't use HTTP cookie.
(B
(B  "not affected" $B$O$A$g$C$H8@$$$9$.$@$H;W$$$^$9!#0JA0$K$b$3$NJU$j$K4X(B
$B$9$k5DO@$O$"$j$^$7$?$,!"G$0U$N(B script $B$r$KLBOG$r$+$1(B
$B$k2DG=@-$,$"$k$3$H$r9M$($k$H$d$O$j(B "not affected" $B$O$$$$$9$.$G$O$J$$$+(B
$B$H!#(B
(B
(B# $B$7$+$7(B /don't/doesn't/ $B$O$"$^$j$K%R%I$$4V0c$$$G$7$?!#$O$:$+$7$$(B ^^;
(B
(B  $B=$@5$r(B merge $B$7$?(B announce $B$r0J2<$K7G:\$7$F$*$-$^$9!#(B
(B
(B-- 
(B  Namazu 2.0.8 $B$r%j%j!<%9$7$^$7$?!#(B
(B
(B<http://www.namazu.org/stable/namazu-2.0.8.tar.gz>
(B<ftp://ftp.namazu.org/namazu/stable/namazu-2.0.8.tar.gz>
(B
(B  $B:#2s$O(B namazu.cgi $B$K@x$s$G$$$?%/%m%9%5%$%H%9%/%j%W%F%#%s%0LdBj$X$NBP(B
$B:v$N$?$a$@$1$N%j%j!<%9$G$9!#(BNamazu $BC1BN$G$O(B cookie $B$NMxMQ$r$7$F$$$J$$(B
$B$?$a!"$=$N>l9g$O4m81EY$O$=$l$[$I9b$/$"$j$^$;$s!#$7$+$7!"MxMQl9g$K$O$=$N(B cookie $B$,Bh;0)$7$^$9!#(B
(B
(B  $B%/%m%9%5%$%H%9%/%j%W%F%#%s%0LdBj$K4X$7$F$O!"0J2<$N>pJs$,;29M$K$J$j$^(B
$B$9!#(B
(B
(BWeb$B%5%$%H$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0@HpJs(B
(B($B>pJs=hM}?J9T;v6H6(2q%;%-%e%j%F%#%;%s%?!<(B)
(Bhttp://www.ipa.go.jp/security/ciadr/20011023css.html
(B
(BCA-2000-02: Malicious HTML Tags Embedded in Client Requests
(B(CERT)
(Bhttp://www.cert.org/advisories/CA-2000-02.html
(B
(B  $B$3$NLdBj$O9bLZ9@8w;a(B($BFHN)9T@/K!?M;:6H5;=QAm9g8&5f=j(B)$B$K$h$jH/8+$5$l$^(B
$B$7$?!#$4Js9p46http://www.namazu.org/stable/namazu-2.0.8.tar.gz>
(B<ftp://ftp.namazu.org/namazu/stable/namazu-2.0.8.tar.gz>
(B
(BThis release is a security fix for cross site scripting probrem in
(Bnamazu.cgi.  Namazu itself is not so dangerous because it doesn't use
(BHTTP cookie. However, if a user uses both Namazu and HTTP cookie, the
(Bcookie may be stolen by a third party.  If you are conformed with the
(Bcase or not, we recommend you to upgrade this version of namazu.cgi.
(B
(BHelpful information about "Cross site scripting" is the following:
(B
(BCA-2000-02: Malicious HTML Tags Embedded in Client Requests
(B(CERT)
(Bhttp://www.cert.org/advisories/CA-2000-02.html
(B
(BThe issue was discovered by Hiromitsu Takagi (National Institute of
(BAdvanced Industrial Science and Technology). We are grateful to him
(Bfor his report.
(B-- 
$BLn




Follow-Ups:

 typo at announce (Re: Namazuv2.0.7	$B$K%/%m(B$B%9%5%$%H%9%/%j%W%F%#%s%0@H
From: $BF#86(B  $B@?(B / Makoto Fujiwara




References:

 Re: Namazuv2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H
From: Kenji Suzuki





Prev by Date:
 Re: 2.0.8pre1 (Re: Namazu v2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

Next by Date:
 Re: 2.0.8pre1 (Re: Namazu v2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

Previous by thread:
 Re: Namazuv2.0.7 $B$K%/%m%9%5%$%H%9%/%j%W(B$B%F%#%s%0@H

Next by thread:
 typo at announce (Re: Namazuv2.0.7	$B$K%/%m(B$B%9%5%$%H%9%/%j%W%F%#%s%0@H

Index(es):

Date
Thread
Namazu-devel-ja($B5l(B)

Namazu-devel-ja($B5l(B)
