[REBOL] Ann: Rugby major security update
From: koopmans::itr::ing::nl at: 4-Feb-2002 9:45
All,
The bug Romano described in his email this weekend has been fixed in Rugby
version 4.3.1.
This very nasty bug would allow anyone who studied the Rugby message format
to execute arbitrary code on the server due to a 'do' instead of a 'load' in
the function that decompresses the molded message.
I urge everyone to upgrade ASAP, as using versions earlier than 4.3.1 will
make you very vulnerable.
Many thanks to Romano for exposing this bug and providing the sample code.
The new version is available at:
http://www.rebolforces.com/~erebol/download.htm
The mirror at www.vrijheid.net will be updated later.
--Maarten
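
The difference between 'do' and 'load' on a decompressed molded message, as an added REBOL 2 example that is not part of the original post and is not Rugby's source. The function names, the `exposed` list and the sample messages are hypothetical and constructed for illustration; the request check at the end goes beyond the one-word fix described in the post.

```rebol
REBOL [Title: "do vs load on a decompressed molded message (added example)"]

; Constructed sample: a molded request block, compressed for transport.
good-msg: compress mold [echo "hello"]

; Constructed hostile sample: plain code instead of a request block.
; It only flips a marker word so the effect is observable.
ran-code?: false
bad-msg: compress {ran-code?: true}

; Vulnerable pattern (hypothetical name): DO evaluates whatever was sent.
decode-unsafe: func [msg [binary!]] [
    do to-string decompress msg
]

; Fixed pattern (hypothetical name): LOAD turns the text into values
; without evaluating them.
decode-safe: func [msg [binary!]] [
    load to-string decompress msg
]

; Extra hardening (assumption, not described in the post): accept only a
; block whose first item is a word naming a function the server exposes.
exposed: [echo]
valid-request?: func [data] [
    all [
        block? data
        word? pick data 1
        found? find exposed pick data 1
    ]
]

print ["loaded good message:         " mold decode-safe good-msg]
print ["good message valid request?  " valid-request? decode-safe good-msg]
print ["bad message valid request?   " valid-request? decode-safe bad-msg]
print ["code ran after safe decode?  " ran-code?]

decode-unsafe bad-msg
print ["code ran after unsafe decode?" ran-code?]
```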