[geeklog-cvs] geeklog-1.3/docs changes.html,1.10.2.1.2.2,1.10.2.1.2.3 history,1.63.2.1.2.2,1.63.2.1.2.3

dhaun at geeklog.net dhaun at geeklog.net
Sat Jan 24 11:34:54 EST 2004


Update of /usr/cvs/geeklog/geeklog-1.3/docs
In directory geeklog_prod:/tmp/cvs-serv12172/docs

Modified Files:
      Tag: geeklog_1_3_7sr2_1
	changes.html history 
Log Message:
Updated documentation


Index: changes.html
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/docs/changes.html,v
retrieving revision 1.10.2.1.2.2
retrieving revision 1.10.2.1.2.3
diff -C2 -d -r1.10.2.1.2.2 -r1.10.2.1.2.3
*** changes.html	19 Jan 2004 20:12:48 -0000	1.10.2.1.2.2
--- changes.html	24 Jan 2004 16:34:52 -0000	1.10.2.1.2.3
***************
*** 38,41 ****
--- 38,50 ----
  <li>It was possible to browse through the comments of a story even if the user
      did not have access to the actual story (reported by Peter Roozemaal).</li>
+ <li>Due to an XSS issue, it was possible to change someone's account settings
+     (including the password) if you got them to click on a specially crafted
+     link (reported by Jelmer, fix suggested by Vincent Furia).</li>
+ <li>The comment display suffered from the possibility of an SQL injection
+     (reported by Jelmer).</li>
+ <li>It was possible to inject Javascript code in the calendar (reported by
+     Jelmer).</li>
+ <li>It was possible to execute (but not save) Javascript code in the comment
+     preview (reported by Jelmer).</li>
  </ol>
  
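
Review bot: The four added <li> entries state each problem but not which script or page was fixed, so an administrator who patches files by hand cannot tell from this list which ones to replace. The SQL injection entry ("The comment display suffered from the possibility of an SQL injection") is the least specific of the four. Consider naming the affected file in each entry. As a style point, "Javascript" in the last two entries should read "JavaScript".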

Index: history
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/docs/history,v
retrieving revision 1.63.2.1.2.2
retrieving revision 1.63.2.1.2.3
diff -C2 -d -r1.63.2.1.2.2 -r1.63.2.1.2.3
*** history	19 Jan 2004 20:12:48 -0000	1.63.2.1.2.2
--- history	24 Jan 2004 16:34:52 -0000	1.63.2.1.2.3
***************
*** 1,5 ****
  GeekLog History/Changes:
  
! January 21, 2004 (1.3.7sr5)
  ----------------
  
--- 1,5 ----
  GeekLog History/Changes:
  
! January 26, 2004 (1.3.7sr5)
  ----------------
  
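
Review bot: The new heading date, "January 26, 2004 (1.3.7sr5)", is two days later than this commit's own timestamp (24 Jan 2004), so it records a planned release date rather than an actual one. Confirm it when 1.3.7sr5 ships, otherwise this line will need a third edit.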
***************
*** 16,19 ****
--- 16,28 ----
  4. It was possible to browse through the comments of a story even if the user
     did not have access to the actual story (reported by Peter Roozemaal).
+ 5. Due to an XSS issue, it was possible to change someone's account settings
+    (including the password) if you got them to click on a specially crafted
+    link (reported by Jelmer, fix suggested by Vincent Furia).
+ 6. The comment display suffered from the possibility of an SQL injection
+    (reported by Jelmer).
+ 7. It was possible to inject Javascript code in the calendar (reported by
+    Jelmer).
+ 8. It was possible to execute (but not save) Javascript code in the comment
+    preview (reported by Jelmer).
  
  
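
Review bot: Item 5 calls the problem "an XSS issue" and gives the impact (changed account settings, "including the password", via a crafted link) but says nothing about what the fix changed, so a site administrator cannot judge from this entry whether accounts used before the upgrade need a password reset. A short clause describing the fix, plus a recommendation on password changes if one applies, would close that gap. Items 5 to 8 also duplicate the changes.html wording exactly, so any later correction has to be made in both files.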




