[geeklog-cvs] geeklog-1.3/docs changes.html,1.18.2.1,1.18.2.2 history,1.120.2.1,1.120.2.2

[dhaun at geeklog.net]

Update of /usr/cvs/geeklog/geeklog-1.3/docs
In directory geeklog_prod:/tmp/cvs-serv31595/docs

Modified Files:
      Tag: geeklog_1_3_8_1_1
	changes.html history 
Log Message:
Documentation update for release


Index: changes.html
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/docs/changes.html,v
retrieving revision 1.18.2.1
retrieving revision 1.18.2.2
diff -C2 -d -r1.18.2.1 -r1.18.2.2
*** changes.html	12 Oct 2003 12:33:31 -0000	1.18.2.1
--- changes.html	14 Oct 2003 21:21:56 -0000	1.18.2.2
***************
*** 23,26 ****
--- 23,33 ----
  of files that have been changed since the last release.</p>
  
+ <h2><a name="changes138-1sr2">Geeklog 1.3.8-1sr2</a></h2>
+ 
+ <p>Jouko Pynnonen found a way to trick the new "forgot password" feature, introduced in 1.3.8, into letting an attacker change the password for <em>any</em> account. This release addresses this issue - there were no other changes.</p>
+ 
+ <p>Obviously, we strongly recommend to upgrade as soon as possible.</p>
+ 
+ 
  <h2><a name="changes138-1sr1">Geeklog 1.3.8-1sr1</a></h2>
  

Index: history
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/docs/history,v
retrieving revision 1.120.2.1
retrieving revision 1.120.2.2
diff -C2 -d -r1.120.2.1 -r1.120.2.2
*** history	12 Oct 2003 12:33:31 -0000	1.120.2.1
--- history	14 Oct 2003 21:21:56 -0000	1.120.2.2
***************
*** 1,4 ****
--- 1,12 ----
  GeekLog History/Changes:
  
+ October 14, 2003 (1.3.8-1sr2)
+ ----------------
+ 
+ Jouko Pynnonen found a way to trick the new "forgot password" feature,
+ introduced in 1.3.8, into letting an attacker change the password for _any_
+ account. This release addresses this issue - there were no other changes.
+ 
+ 
  October 12, 2003 (1.3.8-1sr1)
  ----------------