@Hasser, there is a mass update slated for a few Source Games including the Source SDK 2013 stuff so I imagine the fix needs to be implemented everywhere? Maybe that's why they can't detail it.
On Wed, Feb 3, 2016 at 5:04 PM, Bartek S <[email protected]> wrote: > Half-done fix, possibly. If they tell people where to aim, they'll find > another way to exploit.. Don't get me wrong, that's not hate. > On 3 Feb 2016 23:02, "Hasser Css" <[email protected]> wrote: > >> Thanks for being one of the few Valve people who give any kind of >> communication, but that is a pretty bad explanation. >> >> One can say it is unlikely that people have been exploited because it was >> disclosed privately and such... but that is not a good security mindset. >> What exactly is the harm in saying the scope of the vulnerability, >> especially now that it is fixed? :/ >> >> On Wed, Feb 3, 2016 at 7:29 PM, John Schoenick <[email protected]> >> wrote: >> >>> The issue in question was discovered and reported to us privately, so we >>> don't expect any action should be necessary for up-to-date servers. >>> >>> It is always, of course, a good idea to ensure you are running servers >>> with the least necessary privilege to limit the scope of any >>> vulnerabilities future or present. >>> >>> - John >>> >>> >>> On 02/02/2016 02:55 PM, Emil Larsson wrote: >>> >>> What was this security issue exactly? Any concerns for us server owners >>> for previously leaked rcon passwords? Or files being uploaded that aren't >>> sprays? >>> Den 2 feb 2016 23:26 skrev "Eric Smith" <[email protected]>: >>> >>>> We've released a mandatory update for TF2. The update notes are below. >>>> The new version is 3271684. >>>> >>>> -Eric >>>> >>>> ------------------------------- >>>> >>>> - Fixed a security issue related to the file system (thanks to Simon >>>> Pinfold for this report) >>>> - Fixed a client crash related to the material system >>>> - Fixed a crash when using medium or low texture quality on maps with >>>> static prop lighting >>>> - Fixed not seeing team names when using custom scoreboards >>>> - Fixed leaderboards occasionally not displaying when changing map >>>> - Improved bspzip tool stability when packing maps with large amounts >>>> of custom assets >>>> - Updated the contents of the Gargoyle Case, the Fall 2013 Acorns >>>> Crate, the Love And War Cosmetics Bundle, the Mann Co. Strongbox, and the >>>> Mann Co. Stockpile Crate >>>> - Updated the model/materials for the Crusader's Getup and Arthropod's >>>> Aspect >>>> - Updated The HazMat Headcase so it can be equipped by the Sniper >>>> - Updated The Mustachioed Mann so it can be equipped by all classes and >>>> added a second style >>>> - Updated The Special Eyes so it can be equipped by the Pyro and added >>>> a second style >>>> - Updated The Frenchman's Formals to hide the Scout's dog-tags >>>> - Updated the equip_region for the Cheater's Lament and added a new >>>> style >>>> - Updated the Backburner to add the pilot light >>>> - Updated the Rainblower to remove the pilot light >>>> - Updated several materials to fix issues caused by mat_picmip >>>> - Updated the localization files >>>> - Updated pl_borneo >>>> - Fixed an exploit where players could get outside the map >>>> - Updated ctf_landfall >>>> - Fixed some material issues >>>> - Updated cp_vanguard >>>> - Added new path to the last point >>>> - New geometry to reduce sightlines on the middle point >>>> - Reorganized spawn points to better exit final spawns >>>> - Fixed Red forward spawn door blocking when held open >>>> - Fixed some material issues >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>>> >>> >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>> >>> >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>> >>> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >> >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds > > -- *Matthew (Rowedahelicon) Robinson* Web Designer / Artist / Writer Website - http://www.rowedahelicon.com/
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
