Package: movabletype-opensource
Version: 4.3.6.1+dfsg-1
Severity: grave
Tags: security
Justification: user security hole

As reported in:
<http://www.movabletype.org/documentation/appendices/release-notes/512.html>

"Movable Type 5.12, 5.06, 4.37 were released as mandatory security updates. 
These updates resolve multiple vulnerabilities discovered in Movable Type 5.x 
and Movable Type 4.x. All users must upgrade to the latest release immediately."

"Under certain circumstances, a user who has "Create Entries" or "Manage Blog" 
pemissions may be able to read known files on the local file system."

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to