[geeklog-cvs] geeklog-1.3/docs changes.html,1.10.2.1.2.2,1.10.2.1.2.3 history,1.63.2.1.2.2,1.63.2.1.2.3
dhaun at geeklog.net
Sat Jan 24 11:34:54 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/docs
In directory geeklog_prod:/tmp/cvs-serv12172/docs
Modified Files:
Tag: geeklog_1_3_7sr2_1
changes.html history
Log Message:
Updated documentation
Index: changes.html
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/docs/changes.html,v
retrieving revision 1.10.2.1.2.2
retrieving revision 1.10.2.1.2.3
diff -C2 -d -r1.10.2.1.2.2 -r1.10.2.1.2.3
*** changes.html 19 Jan 2004 20:12:48 -0000 1.10.2.1.2.2
--- changes.html 24 Jan 2004 16:34:52 -0000 1.10.2.1.2.3
***************
*** 38,41 ****
--- 38,50 ----
<li>It was possible to browse through the comments of a story even if the user
did not have access to the actual story (reported by Peter Roozemaal).</li>
+ <li>Due to an XSS issue, it was possible to change someone's account settings
+ (including the password) if you got them to click on a specially crafted
+ link (reported by Jelmer, fix suggested by Vincent Furia).</li>
+ <li>The comment display suffered from the possibility of an SQL injection
+ (reported by Jelmer).</li>
+ <li>It was possible to inject Javascript code in the calendar (reported by
+ Jelmer).</li>
+ <li>It was possible to execute (but not save) Javascript code in the comment
+ preview (reported by Jelmer).</li>
</ol>
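Review bot: the four new items describe fixes for vulnerabilities (account takeover via a crafted link, SQL injection in the comment display, script injection in the calendar and comment preview) but give administrators no post-upgrade guidance; since the first item means a victim's password could have been changed before the fix, the entry should at least tell site owners to upgrade promptly and to review recent account changes. Two smaller points in the same hunk: "Javascript" in the calendar and comment-preview items should be spelled "JavaScript", and "suffered from the possibility of an SQL injection" reads more directly as "was vulnerable to SQL injection".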
Index: history
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/docs/history,v
retrieving revision 1.63.2.1.2.2
retrieving revision 1.63.2.1.2.3
diff -C2 -d -r1.63.2.1.2.2 -r1.63.2.1.2.3
*** history 19 Jan 2004 20:12:48 -0000 1.63.2.1.2.2
--- history 24 Jan 2004 16:34:52 -0000 1.63.2.1.2.3
***************
*** 1,5 ****
GeekLog History/Changes:
! January 21, 2004 (1.3.7sr5)
----------------
--- 1,5 ----
GeekLog History/Changes:
! January 26, 2004 (1.3.7sr5)
----------------
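Review bot: the heading date moves from January 21 to January 26, 2004 while the version stays 1.3.7sr5, so this is a rescheduled release rather than a new one; the changes.html hunk in this same commit only touches lines 38-50, so if changes.html carries its own release date it is not updated here and the two files should be checked for agreement.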
***************
*** 16,19 ****
--- 16,28 ----
4. It was possible to browse through the comments of a story even if the user
did not have access to the actual story (reported by Peter Roozemaal).
+ 5. Due to an XSS issue, it was possible to change someone's account settings
+ (including the password) if you got them to click on a specially crafted
+ link (reported by Jelmer, fix suggested by Vincent Furia).
+ 6. The comment display suffered from the possibility of an SQL injection
+ (reported by Jelmer).
+ 7. It was possible to inject Javascript code in the calendar (reported by
+ Jelmer).
+ 8. It was possible to execute (but not save) Javascript code in the comment
+ preview (reported by Jelmer).
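Review bot: items 5-8 repeat the changes.html entries verbatim, which keeps the two files in step, but the numbering is hand-maintained here while changes.html relies on the rendered <ol>, so any later reordering or insertion must be made in both files in the same position. The same wording points apply: "JavaScript" rather than "Javascript" in items 7 and 8, and "was vulnerable to SQL injection" instead of "suffered from the possibility of an SQL injection" in item 6.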