Security update: CVE-2014-1403 - additional patch

45 views
Skip to first unread message

Øyvind Sean Kinsey

unread,
Jan 19, 2014, 1:19:44 PM1/19/14
to easyxdm, easyxdm-...@googlegroups.com
Please note that a the initial fix contained a flaw, which has since been updated. To make sure you are properly protected, use either master, or the 2.4.19.3 download.

Apologies for not catching this initially, and thanks to the security researcher Krzysztof Kotowicz for noticing.

Sean

On Sat, Jan 18, 2014 at 2:18 PM, Øyvind Sean Kinsey <oyv...@kinsey.no> wrote:
An update has been made to easyXDM to remove a potential vulnerability.
You can find the release on https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19

Please update easyxdm.min.js, name.html, or both as soon as possible in order to mitigate possible attack vectors.

I would also like to remind you that you should never expose the full content of the distributed zip file, as the examples are not fully vetted and might expose you to unwanted risk.

Sean

Reply all
Reply to author
Forward
0 new messages