W3C home > Mailing lists > Public > w3c-wai-er-ig@w3.org > June 2002

[OT] Betsie Security Bugfix Release Version 1.5.12

From: Wayne Myers <wayne.myers@bbc.co.uk>
Date: Wed, 26 Jun 2002 16:32:16 +0100
Message-ID: <AE96FE60030DD6119FD80001FA7ED9506C792D@w12wcedxu02.wc.bbc.co.uk>
To: w3c-wai-er-ig@w3.org
Cc: "'w3c-wai-ig@w3.org'" <w3c-wai-ig@w3.org>


This mail is not relevant to you unless you are managing a site that runs a
of Betsie, a CGI script providing on-the-fly text-only views of (fairly)

I made a new release of Betsie as of yesterday, version 1.5.12, which fixes
a couple of quite nasty security-related bugs, so I would strongly urge
anyone managing
a site with an installation of Betsie to please upgrade to the latest
version as soon as possible.

You can get the latest code from here:


or here:


Details of the problems and the fix are in the Changelog.

Please accept my apologies for this - the errors were egregious and all my
fault. They are
now fixed and hopefully no more such errors remain.

The security consultant who discovered the problem is likely to make an
announcement on
bugtraq next week about it, meaning that the fact that versions of Betsie
prior to 1.5.12
are vulnerable to certain attacks will be more widely known.

This is why I have copied w3c-wai-ig in on this announcement, in order to
catch Betsie users neither on w3c-wai-er-ig (where Betsie announcements
normally go, and where on-list replies to this mail should be sent) nor
betsie-devel, who need to know about this ASAP. 

My apologies if that turns out to have been a misjudgement on my part.

If there are any problems or anything with the new release, as ever, please
don't hesitate to get in touch with me directly by email.

Cheers etc.,


Wayne Myers
Betsie Project
BBC Interactive F&L

This e-mail (and any attachments) is confidential and may contain personal
views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system, do not use,
copy or disclose the information in any way nor act in reliance on it and notify
the sender immediately. Please note that the BBC monitors e-mails sent
or received. Further communication will signify your consent to this.
Received on Wednesday, 26 June 2002 11:32:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:01:34 UTC