W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > April to June 2002

[OT] Betsie Security Bugfix Release Version 1.5.12

From: Wayne Myers <wayne.myers@bbc.co.uk>
Date: Wed, 26 Jun 2002 16:32:16 +0100
Message-ID: <AE96FE60030DD6119FD80001FA7ED9506C792D@w12wcedxu02.wc.bbc.co.uk>
To: w3c-wai-er-ig@w3.org
Cc: "'w3c-wai-ig@w3.org'" <w3c-wai-ig@w3.org>

Hi,

This mail is not relevant to you unless you are managing a site that runs a
version
of Betsie, a CGI script providing on-the-fly text-only views of (fairly)
arbitrary
websites.

I made a new release of Betsie as of yesterday, version 1.5.12, which fixes
a couple of quite nasty security-related bugs, so I would strongly urge
anyone managing
a site with an installation of Betsie to please upgrade to the latest
version as soon as possible.

You can get the latest code from here:

http://www.bbc.co.uk/education/betsie/download.html

or here:

http://sourceforge.net/projects/betsie/

Details of the problems and the fix are in the Changelog.

Please accept my apologies for this - the errors were egregious and all my
fault. They are
now fixed and hopefully no more such errors remain.

The security consultant who discovered the problem is likely to make an
announcement on
bugtraq next week about it, meaning that the fact that versions of Betsie
prior to 1.5.12
are vulnerable to certain attacks will be more widely known.

This is why I have copied w3c-wai-ig in on this announcement, in order to
catch Betsie users neither on w3c-wai-er-ig (where Betsie announcements
normally go, and where on-list replies to this mail should be sent) nor
betsie-devel, who need to know about this ASAP. 

My apologies if that turns out to have been a misjudgement on my part.

If there are any problems or anything with the new release, as ever, please
don't hesitate to get in touch with me directly by email.

Cheers etc.,

Wayne

Wayne Myers
Betsie Project
BBC Interactive F&L
http://www.bbc.co.uk/education/betsie/
http://betsie.sourceforge.net/


This e-mail (and any attachments) is confidential and may contain personal
views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system, do not use,
copy or disclose the information in any way nor act in reliance on it and notify
the sender immediately. Please note that the BBC monitors e-mails sent
or received. Further communication will signify your consent to this.
Received on Wednesday, 26 June 2002 11:32:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 19 July 2011 18:14:05 GMT