Hi, If you use Movabletype from Debian stable, you may be exposed to a possible SQL injection attack and remote code execution attack, as described at
http://www.movabletype.org/2013/01/movable_type_438_patch.html There is an update in the pipeline as discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697666 but you may wish to temporarily disable access to mt-upgrade.cgi (which should not affect normal operation of MT) until this is released. Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130110111945.gb5...@urchin.earth.li