Movabletype should be updated on lucid and others to address security vulnerability.

Bug #797212 reported by William Metcalf
This bug affects 1 person
Affects:
movabletype-opensource (Debian): Status: Fix Released; Importance: Unknown
movabletype-opensource (Ubuntu): Status: New; Importance: Undecided; Assigned to: Unassigned

Bug Description

The PBS website was hacked with a security vulnerability found in movable type prior to version 4.3.6.1. See articles below.

http://techcrunch.com/2011/06/09/six-apart-releases-movable-type-updates-to-plug-security-holes-following-pbs-hack/
http://www.movabletype.com/blog/2011/06/movable-type-511-and-5051-4361-security-updates.html

I see that oneiric has been updated to 4.3.6.1 which addresses the unspecified vulns in the PBS hack. Have these fixes been back-ported to Lucid, or are there plans to upgrade Lucid to 4.3.6.1?

#oneiric changelog
http://changelogs.ubuntu.com/changelogs/pool/universe/m/movabletype-opensource/movabletype-opensource_4.3.6.1+dfsg-1/changelog

#lucid changelog
http://changelogs.ubuntu.com/changelogs/pool/universe/m/movabletype-opensource/movabletype-opensource_4.3.3-1/changelog

William Metcalf (william-metcalf) wrote :

It seems that this issue has been addressed in Debian.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627936

Changed in movabletype-opensource (Debian):
status: Unknown → Fix Released