Re: Don't mention the...
In the interest of factual honesty, I seem to be mistaken here. (East, West, and reunited) Germany appears to have had the same deviations from the current DST regulations as Norway in 1980, and in 1981-1996.
11 publicly visible posts • joined 9 Jan 2009
TimThumb is not a WordPress plugin.
It is more commonly a part of themes and other WordPress plugins, so you won't know that your TimThumb is out of date. You have to trust that the WordPress plugin creators provide an updated version.
Unfortunately, many of the plugins and themes using TimThumb are commercially paid editions which are not managed directly by WordPress' own plugin database, you download and install them semi-manually or fully manually.
Also, these plugins and themes rarely publish which TimThumb version they use, they don't publish security advisories or notes regarding their products, and and and.
Nevermind that the entire concept of TimThumb is b0rken, technically speaking. :)
Generally, allowing pluggable PHP code is a Bad Thing security wise.
http://www.adobe.com/support/security/bulletins/apsb09-01.html
The link IS in the advisory that El Reg links to, but the iDefense advisory sucks royally.
"iDefense has confirmed the existence of this vulnerability in latest version of Flash Player, version 9.0.124.0. Previous versions may also be affected."
Well, that's not the latest version of Flash Player, not by a long mile. This marks down iDefense as an unreliable source for advisories in my book.