Update of mhonarc
Modified Files:
homepage.html
Log Message:
Updates for new release and security advisory.
======================================================================
FILE: mhonarc/homepage.html
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/homepage.html?rev=1.84>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/homepage.html.diff?r1=1.83&r2=1.84&diff_format=h>
--- homepage.html 1 Jan 2011 00:46:16 -0000 1.83
+++ homepage.html 9 Jan 2011 09:26:55 -0000 1.84
@@ -73,10 +73,29 @@
<table border=0 cellpadding=1 width="100%">
+<tr><td colspan="2" width="100%" style="background:yellow;"><p style="text-align:center; color:red;"><strong>*** SECURITY ADVISORY ***</strong></p></td></tr>
+<tr><td valign="top" colspan="2" style="background:yellow;"><p>MHonArc
+release prior to v2.6.17 have
+known vulnerabilities to the HTML filter, making web sites hosting
+MHonArc web archives vulnerable to XSS attackes. All users
+are <b>STRONGLY</b> encouraged to upgrade to the latest release.
+</p>
+<p>If you are unable to upgrade immediately, and you are operating
+a site that archives messages from untrusted sources, please
+see the following item in the MHonArc FAQ:
+<a href="MHonArc/doc/faq/security.html#htmlexchow">So how can I exclude HTML mail?</a>. Even with the fixes provided in v2.6.17, it is
+<b>HIGHLY RECOMMENDED</b> to neutralize HTML data for any archive
+containing content from untrusted sources.
+</p>
+</tr>
+<tr><td colspan="2"> </td></tr>
<tr>
-<td valign=top><strong>Jun 09, 2006: </strong>
+<td valign=top><strong>Jan 09, 2011: </strong>
</td>
-<td width="100%"><p><b>v2.6.16</b> released:
-<a href="https://savannah.nongnu.org/bugs/index.php?go_report=Apply&group=mhonarc&func=browse&set=custom&msort=0&report_id=105&advsrch=0&category_id=0&fix_release=2.6.16";
->Several bugs fixed</a>.
+<td width="100%"><p><b>v2.6.17</b> released:
+Security vulnerabilities and numerous bugs have been fixed.
+More information is available in
+<a href="MHonArc/CHANGES">CHANGES</a> and the
+<a target="top" href="http://www.mhonarc.org/cgi-bin/mhafixes.cgi?v=2.6.17";>v2.6.17
+bug fix report</a>.
</p>
</td>
@@ -147,5 +166,5 @@
<a href="http://www.gnu.org/";>GNU</a>
<a href="MHonArc/COPYING">General Public License</a>.
-The latest version of MHonArc is v2.6.16.</p>
+The latest version of MHonArc is v2.6.17.</p>
<table class="caution" width="100%">
@@ -167,8 +186,8 @@
MD5 Checksum Filename Size - Sig
--------------------------------- --------------------------- -------------
-18b2584c170ed016d378a04a0de368c6 <a href="release/MHonArc/tar/MHonArc-2.6.16-1.noarch.rpm">MHonArc-2.6.16-1.noarch.rpm</a> 1929629 - <a href="release/MHonArc/tar/MHonArc-2.6.16-1.noarch.rpm.sig">Sig</a>
-1aae948971869d6fdf3d810d9894b3db <a href="release/MHonArc/tar/MHonArc-2.6.16.tar.bz2">MHonArc-2.6.16.tar.bz2</a> 1562490 - <a href="release/MHonArc/tar/MHonArc-2.6.16.tar.bz2.sig">Sig</a>
-4ea5bd6630ffdae157a751ca97bc3ec3 <a href="release/MHonArc/tar/MHonArc-2.6.16.tar.gz">MHonArc-2.6.16.tar.gz</a> 1932796 - <a href="release/MHonArc/tar/MHonArc-2.6.16.tar.gz.sig">Sig</a>
-d584ef33cccae8d46f441d94e05dba9a <a href="release/MHonArc/tar/MHonArc-2.6.16.zip">MHonArc-2.6.16.zip</a> 2430411 - <a href="release/MHonArc/tar/MHonArc-2.6.16.zip.sig">Sig</a>
+c02b6cc44a8c5f61e21217bd1d438878 <a href="release/MHonArc/tar/MHonArc-2.6.17-1.noarch.rpm">MHonArc-2.6.17-1.noarch.rpm</a> 1960911 - <a href="release/MHonArc/tar/MHonArc-2.6.17-1.noarch.rpm.sig">Sig</a>
+5db1b96887a9e663bf7f4086eed453ca <a href="release/MHonArc/tar/MHonArc-2.6.17.tar.bz2">MHonArc-2.6.17.tar.bz2</a> 1546919 - <a href="release/MHonArc/tar/MHonArc-2.6.17.tar.bz2.sig">Sig</a>
+1a75548faa72e1d41ece9e670778cd72 <a href="release/MHonArc/tar/MHonArc-2.6.17.tar.gz">MHonArc-2.6.17.tar.gz</a> 1984816 - <a href="release/MHonArc/tar/MHonArc-2.6.17.tar.gz.sig">Sig</a>
+1e47f54c830c209464b01c42b55758ed <a href="release/MHonArc/tar/MHonArc-2.6.17.zip">MHonArc-2.6.17.zip</a> 2441255 - <a href="release/MHonArc/tar/MHonArc-2.6.17.zip.sig">Sig</a>
--------------------------------- --------------------------- -------------
</pre>
---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-COMMITS