- From: Wayne Myers <wayne.myers@bbc.co.uk>
- Date: Wed, 26 Jun 2002 16:32:16 +0100
- To: w3c-wai-er-ig@w3.org
- Cc: "'w3c-wai-ig@w3.org'" <w3c-wai-ig@w3.org>
Hi, This mail is not relevant to you unless you are managing a site that runs a version of Betsie, a CGI script providing on-the-fly text-only views of (fairly) arbitrary websites. I made a new release of Betsie as of yesterday, version 1.5.12, which fixes a couple of quite nasty security-related bugs, so I would strongly urge anyone managing a site with an installation of Betsie to please upgrade to the latest version as soon as possible. You can get the latest code from here: http://www.bbc.co.uk/education/betsie/download.html or here: http://sourceforge.net/projects/betsie/ Details of the problems and the fix are in the Changelog. Please accept my apologies for this - the errors were egregious and all my fault. They are now fixed and hopefully no more such errors remain. The security consultant who discovered the problem is likely to make an announcement on bugtraq next week about it, meaning that the fact that versions of Betsie prior to 1.5.12 are vulnerable to certain attacks will be more widely known. This is why I have copied w3c-wai-ig in on this announcement, in order to catch Betsie users neither on w3c-wai-er-ig (where Betsie announcements normally go, and where on-list replies to this mail should be sent) nor betsie-devel, who need to know about this ASAP. My apologies if that turns out to have been a misjudgement on my part. If there are any problems or anything with the new release, as ever, please don't hesitate to get in touch with me directly by email. Cheers etc., Wayne Wayne Myers Betsie Project BBC Interactive F&L http://www.bbc.co.uk/education/betsie/ http://betsie.sourceforge.net/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system, do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this.
Received on Wednesday, 26 June 2002 11:32:48 UTC