Half-done fix, possibly. If they tell people where to aim, they'll find another way to exploit.. Don't get me wrong, that's not hate. On 3 Feb 2016 23:02, "Hasser Css" <[email protected]> wrote:
> Thanks for being one of the few Valve people who give any kind of > communication, but that is a pretty bad explanation. > > One can say it is unlikely that people have been exploited because it was > disclosed privately and such... but that is not a good security mindset. > What exactly is the harm in saying the scope of the vulnerability, > especially now that it is fixed? :/ > > On Wed, Feb 3, 2016 at 7:29 PM, John Schoenick <[email protected]> > wrote: > >> The issue in question was discovered and reported to us privately, so we >> don't expect any action should be necessary for up-to-date servers. >> >> It is always, of course, a good idea to ensure you are running servers >> with the least necessary privilege to limit the scope of any >> vulnerabilities future or present. >> >> - John >> >> >> On 02/02/2016 02:55 PM, Emil Larsson wrote: >> >> What was this security issue exactly? Any concerns for us server owners >> for previously leaked rcon passwords? Or files being uploaded that aren't >> sprays? >> Den 2 feb 2016 23:26 skrev "Eric Smith" <[email protected]>: >> >>> We've released a mandatory update for TF2. The update notes are below. >>> The new version is 3271684. >>> >>> -Eric >>> >>> ------------------------------- >>> >>> - Fixed a security issue related to the file system (thanks to Simon >>> Pinfold for this report) >>> - Fixed a client crash related to the material system >>> - Fixed a crash when using medium or low texture quality on maps with >>> static prop lighting >>> - Fixed not seeing team names when using custom scoreboards >>> - Fixed leaderboards occasionally not displaying when changing map >>> - Improved bspzip tool stability when packing maps with large amounts of >>> custom assets >>> - Updated the contents of the Gargoyle Case, the Fall 2013 Acorns Crate, >>> the Love And War Cosmetics Bundle, the Mann Co. Strongbox, and the Mann Co. >>> Stockpile Crate >>> - Updated the model/materials for the Crusader's Getup and Arthropod's >>> Aspect >>> - Updated The HazMat Headcase so it can be equipped by the Sniper >>> - Updated The Mustachioed Mann so it can be equipped by all classes and >>> added a second style >>> - Updated The Special Eyes so it can be equipped by the Pyro and added a >>> second style >>> - Updated The Frenchman's Formals to hide the Scout's dog-tags >>> - Updated the equip_region for the Cheater's Lament and added a new style >>> - Updated the Backburner to add the pilot light >>> - Updated the Rainblower to remove the pilot light >>> - Updated several materials to fix issues caused by mat_picmip >>> - Updated the localization files >>> - Updated pl_borneo >>> - Fixed an exploit where players could get outside the map >>> - Updated ctf_landfall >>> - Fixed some material issues >>> - Updated cp_vanguard >>> - Added new path to the last point >>> - New geometry to reduce sightlines on the middle point >>> - Reorganized spawn points to better exit final spawns >>> - Fixed Red forward spawn door blocking when held open >>> - Fixed some material issues >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>> >> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >> >> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >> >> > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds > >
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
