[Project_owners] [URGENT] Action required: mozdev security flaw

Mycroft Project mycroft.mozdev.org at gmail.com
Tue Sep 28 16:40:16 PDT 2010


That's not a workable solution.
All Mycroft files request updates from a .php file.
I'm currently seeing near total bustage and am consequently pretty pissed off.
If someone comes and finds me on IRC I'd be grateful.

On 29 September 2010 00:22, Eric H. Jung <eric.jung at yahoo.com> wrote:
> For any projects that now have PHP enabled, please rename files ending in
> .php to .html. Files with the .php extension no longer execute through the
> PHP interpreter.
>
> Eric
>
> On Mon, Sep 27, 2010 at 12:46 PM, Eric H. Jung <eric.jung at yahoo.com> wrote:
>>
>> Hello,
>>
>> It has been brought to the attention of the mozdev board of directors,
>> system administrators, and volunteers that the mozdev.org hosting code has
>> critical security flaws. The short-term fix is to immediately disable PHP on
>> mozdev project pages except for those projects that:
>>
>> 1. Explicitly request PHP enabled for their project by emailing
>> sysadmin at mozdev.org,
>> and
>> 2. Are granted such request by executive decision of mozdev.org's board,
>> system administrators, and/or volunteers.
>>
>> If you require PHP for your project, please email sysadmin at mozdev.org. We
>> will not be waiting to hear from you; PHP is being disabled *today*.
>>
>> We apologize for the short notice, but we have information that mozdev.org
>> may be attacked by nefarious individuals.
>>
>> Kind regards,
>> Eric Jung
>
>
> _______________________________________________
> Project_owners mailing list
> Project_owners at mozdev.org
> https://www.mozdev.org/mailman/listinfo/project_owners
>
>



-- 
Charles Caygill
Mycroft Project Owner
http://mycroft.mozdev.org


More information about the Project_owners mailing list