Hello Marco,

It looks like Gregarius is not affected because we are not using the official Snoopy sources. I wrote a little note on ticket 241. I hope someone can double check and verify this.

Sameer

On Fri, Oct 28, 2005 at 07:36:03AM +0200, Marco Bonetti wrote:
> Date: Fri, 28 Oct 2005 07:36:03 +0200
> From: Marco Bonetti <mbonetti at gmail.com>
> To: gregarius-dev at sinless.org
> Subject: [greg-dev] Security hole in Snoopy
> Reply-To: gregarius-dev at sinless.org
>
> Hello,
>
> A security hole allowing for arbitrary code execution has been
> discovered in the Snoopy class: http://www.sec-consult.com/216.html
>
> Gregarius installations whose Administration area isn't
> password-protected (e.g. where anyone can subscribe to feeds) are
> affected by this bug.
>
> I'll analyze this issue ASAP and consider whether a new release is necessary.
>
> In the meantime, please make sure that your Gregarius admin area is
> password protected, if your installation is publicly accessible from
> the web.
>
> I've created ticket #241 http://svn.gregarius.net/trac/ticket/241 to
> track this issue.
>
> -m
>
> _______________________________________________
> gregarius-dev mailing list
> gregarius-dev at sinless.org
> http://sinless.org/mailman/listinfo/gregarius-dev