[VIM] TinyMCE advisory question (fwd)

Matthew Murphy mattmurphy at kc.rr.com
Fri Dec 30 18:52:31 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

TinyMCE isn't what he's referring to.  It seems the compressor is an
optional seperate package?  The advisory specifically names Compressor
as being vulnerable.  Indeed, on the front page of the vendor's site
(tinymce.moxiecode.com) is the following:

"Critical update of TinyMCE Compressor (PHP)

A possible security issue has been found with the TinyMCE Compressor
(PHP), we urge you to upgrade to 1.05 version as soon as possible!
Thanks to Stefan Esser (http://www.hardened-php.net) for reporting this
issue."

The compressor appears to be a simple add-on component (it has two
versions, one in PHP, one in ASP.NET).

- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."

                                -- Michael Holstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDtcg/fp4vUrVETTgRA9YwAKCMBNT2DOuOLLWxYJhcBvrRsJBZEACfU+I6
cYRPimTzbqydxuPMpVAwvEY=
=qvty
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3436 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.attrition.org/pipermail/vim/attachments/20051230/6a899d71/attachment-0001.bin 


More information about the VIM mailing list