Thanks for being one of the few Valve people who give any kind of communication, but that is a pretty bad explanation.
One can say it is unlikely that people have been exploited because it was disclosed privately and such... but that is not a good security mindset. What exactly is the harm in saying the scope of the vulnerability, especially now that it is fixed? :/ On Wed, Feb 3, 2016 at 7:29 PM, John Schoenick <jo...@valvesoftware.com> wrote: > The issue in question was discovered and reported to us privately, so we > don't expect any action should be necessary for up-to-date servers. > > It is always, of course, a good idea to ensure you are running servers > with the least necessary privilege to limit the scope of any > vulnerabilities future or present. > > - John > > > On 02/02/2016 02:55 PM, Emil Larsson wrote: > > What was this security issue exactly? Any concerns for us server owners > for previously leaked rcon passwords? Or files being uploaded that aren't > sprays? > Den 2 feb 2016 23:26 skrev "Eric Smith" <er...@valvesoftware.com>: > >> We've released a mandatory update for TF2. The update notes are below. >> The new version is 3271684. >> >> -Eric >> >> ------------------------------- >> >> - Fixed a security issue related to the file system (thanks to Simon >> Pinfold for this report) >> - Fixed a client crash related to the material system >> - Fixed a crash when using medium or low texture quality on maps with >> static prop lighting >> - Fixed not seeing team names when using custom scoreboards >> - Fixed leaderboards occasionally not displaying when changing map >> - Improved bspzip tool stability when packing maps with large amounts of >> custom assets >> - Updated the contents of the Gargoyle Case, the Fall 2013 Acorns Crate, >> the Love And War Cosmetics Bundle, the Mann Co. Strongbox, and the Mann Co. >> Stockpile Crate >> - Updated the model/materials for the Crusader's Getup and Arthropod's >> Aspect >> - Updated The HazMat Headcase so it can be equipped by the Sniper >> - Updated The Mustachioed Mann so it can be equipped by all classes and >> added a second style >> - Updated The Special Eyes so it can be equipped by the Pyro and added a >> second style >> - Updated The Frenchman's Formals to hide the Scout's dog-tags >> - Updated the equip_region for the Cheater's Lament and added a new style >> - Updated the Backburner to add the pilot light >> - Updated the Rainblower to remove the pilot light >> - Updated several materials to fix issues caused by mat_picmip >> - Updated the localization files >> - Updated pl_borneo >> - Fixed an exploit where players could get outside the map >> - Updated ctf_landfall >> - Fixed some material issues >> - Updated cp_vanguard >> - Added new path to the last point >> - New geometry to reduce sightlines on the middle point >> - Reorganized spawn points to better exit final spawns >> - Fixed Red forward spawn door blocking when held open >> - Fixed some material issues >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >> > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds > >
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds