
Re: Potential security issue with LedgerSMB (inherited from SL)





On 9/11/06, Christopher Murtagh <..hidden..> wrote:


> It would be nice if someone here sent Dieter a friendly note to let
> him know, and perhaps a patch too. After all, as Jason had pointed
> out, it is largely his work we're still using.

I will volunteer to do that.  Not that Dieter respects me, but process is more important than outcome.

The main point is that if I send a security advisory to Bugtraq, I would want to say that LedgerSMB corrects this problem in 1.0.1 and that all users are advised to upgrade to the latest version.  If SQL-Ledger can't include a fix by that point, it makes us look more security conscious, if there are no objections.

> BTW, the terminal problem is still an issue. bin/xterm doesn't exist,
> and when I try to run any of the scripts from the terminal, it tries
> to include these. Is this a dumb user problem or is terminal broken in
> LedgerSMB and/or SL?

In 2.4.x bin/xterm was basically a symlink to bin/lynx

The fact that it is not there in 2.6 is an indication that nobody uses it.  Which is a good thing as far as the security issue is concerned. :-)

Cheers,

Chris

_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel