On 9/11/06, Christopher Murtagh <..hidden..> wrote:
It would be nice if someone here sent Dieter a friendly note to let
him know, and perhaps a patch too. After all, as Jason had pointed
out, it is largely his work we're still using.
I will volunteer to do that. Not that Dieter respects me, but process is more important than outcome.
The main point is that if I send an security advisory to Bugtraq, I would want to say that LedgerSMB corrects this problem in 1.0.1 and that all users are advised to upgrade to the latest version. If SQL-Ledger can't include a fix by that point, it makes us look more security conscious, if there are no objections.
BTW, the terminal problem is still an issue. bin/xterm doesn't exist,
and when I try to run any of the scripts from the terminal, it tries
to include these. Is this a dumb user problem or is terminal broken in
LedgerSMB and/or SL?
In 2.4.x bin/xterm was basically a symlink to bin/lynx
THe fact that it is not there in 2.6 is an indication that nobody uses it. Which is a good thing as far as the security issue is concerned. :-)
Cheers,
Chris
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel