[Project_owners] [URGENT] Action required: mozdev security flaw

Mycroft Project mycroft.mozdev.org at gmail.com
Tue Sep 28 16:40:59 PDT 2010


and how does that actually improve security!?

On 29 September 2010 00:40, Mycroft Project
<mycroft.mozdev.org at gmail.com> wrote:
> That's not a workable solution.
> All Mycroft files request updates from a .php file.
> I'm currently seeing near total bustage and am consequently pretty pissed off.
> If someone comes and finds me on IRC I'd be grateful.
>
> On 29 September 2010 00:22, Eric H. Jung <eric.jung at yahoo.com> wrote:
>> For any projects that now have PHP enabled, please rename files ending in
>> .php to .html. Files with the .php extension no longer execute through the
>> PHP interpreter.
>>
>> Eric
>>
>> On Mon, Sep 27, 2010 at 12:46 PM, Eric H. Jung <eric.jung at yahoo.com> wrote:
>>>
>>> Hello,
>>>
>>> It has been brought to the attention of the mozdev board of directors,
>>> system administrators, and volunteers that the mozdev.org hosting code has
>>> critical security flaws. The short-term fix is to immediately disable PHP on
>>> mozdev project pages except for those projects that:
>>>
>>> 1. Explicitly request PHP enabled for their project by emailing
>>> sysadmin at mozdev.org,
>>> and
>>> 2. Are granted such request by executive decision of mozdev.org's board,
>>> system administrators, and/or volunteers.
>>>
>>> If you require PHP for your project, please email sysadmin at mozdev.org. We
>>> will not be waiting to hear from you; PHP is being disabled *today*.
>>>
>>> We apologize for the short notice, but we have information that mozdev.org
>>> may be attacked by nefarious individuals.
>>>
>>> Kind regards,
>>> Eric Jung
>>
>>
>> _______________________________________________
>> Project_owners mailing list
>> Project_owners at mozdev.org
>> https://www.mozdev.org/mailman/listinfo/project_owners
>>
>>
>
>
>
> --
> Charles Caygill
> Mycroft Project Owner
> http://mycroft.mozdev.org
>



-- 
Charles Caygill
Mycroft Project Owner
http://mycroft.mozdev.org


More information about the Project_owners mailing list