Package: movabletype-opensource Version: 4.3.6.1+dfsg-1 Severity: grave Tags: security Justification: user security hole
As reported in: <http://www.movabletype.org/documentation/appendices/release-notes/512.html> "Movable Type 5.12, 5.06, 4.37 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. All users must upgrade to the latest release immediately." "Under certain circumstances, a user who has "Create Entries" or "Manage Blog" pemissions may be able to read known files on the local file system." -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

