[ic] Security Problem in Interchange

Grant emailgrant123b at yahoo.com
Mon Mar 29 20:06:59 EST 2004

--- Jon Jensen <jon at endpoint.com> wrote:
> On Mon, 29 Mar 2004, Grant wrote:
> > So I am safe without the patch if I don't use
> > @@MV_PREV_PAGE@@ and [subject] at all?
> At least for the particular exploit that has been
> discussed. It's possible 
> there are other pages that use @@MV_PREV_PAGE@@ or
> [subject] that could be 
> vulnerable, and protecting against the unknown is
> what the patch is good 
> for. But for a quick fix against this particular
> problem, yes, scrubbing 
> special_pages/missing.html seems to do the trick.
> Jon

Sounds good.  Thanks Jon.

- Grant

Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.

More information about the interchange-users mailing list