[geeklog-cvs] geeklog-1.3/public_html/docs changes.html,1.33,1.34 history,1.247,1.248

dhaun at iowaoutdoors.org dhaun at iowaoutdoors.org
Mon Oct 11 14:21:05 EDT 2004


Update of /var/cvs/geeklog-1.3/public_html/docs
In directory www:/tmp/cvs-serv24899

Modified Files:
	changes.html history 
Log Message:
Updated documentation and synced with the 1.3.9sr2 / 1.3.8-1sr6 releases.


Index: changes.html
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/docs/changes.html,v
retrieving revision 1.33
retrieving revision 1.34
diff -C2 -d -r1.33 -r1.34
*** changes.html	5 Oct 2004 20:02:20 -0000	1.33
--- changes.html	11 Oct 2004 18:21:03 -0000	1.34
***************
*** 143,146 ****
--- 143,164 ----
  
  
+ <h2><a name="changes139sr2">Geeklog 1.3.9sr2</a></h2>
+ <p>This release addresses the following security issues:</p>
+ 
+ <ol>
+ <li>Fixed a cross site scripting vulnerability caused by using the variable
+     <code>$topic</code> in the language files (bug #293).</li>
+ <li>Prevent comment posts on stories or polls were comment posting has been
+     disabled.</li>
+ </ol>
+ 
+ <h3>Other fixes</h3>
+ <ul>
+ <li>Fixed <tt>lib-plugins.php</tt> to work properly with PHP 5.</li>
+ <li>The complete tarball also includes updated PEAR packaged that fix
+     some of the reported email problems.</li>
+ </ul>
+ 
+ 
  <h2><a name="changes139sr1">Geeklog 1.3.9sr1</a></h2>
  <p>This release addresses the following security issues:</p>
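
Review bot: two typos in the added 1.3.9sr2 section will ship in the docs: "were comment posting has been disabled" should read "where", and "updated PEAR packaged" should read "packages". The XSS item names only $topic, while the history entry for the same release also gives the affected string ($LANG05[3]) and the '%s' replacement; carrying that detail over would let admins with customised language files check whether they are affected. The new block also mixes <code> and <tt> for inline literals; use one.
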
***************
*** 243,246 ****
--- 261,286 ----
  
  
+ <h2><a name="changes138-1sr6">Geeklog 1.3.8-1sr6</a></h2>
+ <p>This release addresses the following security issues:</p>
+ 
+ <ol>
+ <li>Fixed a cross site scripting vulnerability caused by using the variable
+     <code>$topic</code> in the language files (bug #293).</li>
+ <li>Prevent comment posts on stories or polls were comment posting has been
+     disabled.</li>
+ </ol>
+ 
+ 
+ <h2><a name="changes138-1sr5">Geeklog 1.3.8-1sr5</a></h2>
+ <p>This release addresses the following security issue:</p>
+ 
+ <ol>
+ <li>It was possible to post anonymous comments, even when anonymous comment
+     posting had been switched off in config.php.<br>
+     This bug was apparently exploited by spammers to send hundreds of spam
+     posts to certain Geeklog sites.</li>
+ </ol>
+ 
+ 
  <h2><a name="changes138-1sr4">Geeklog 1.3.8-1sr4</a></h2>
  <p>This release addresses the following security issues:</p>

Index: history
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/docs/history,v
retrieving revision 1.247
retrieving revision 1.248
diff -C2 -d -r1.247 -r1.248
*** history	7 Oct 2004 21:10:23 -0000	1.247
--- history	11 Oct 2004 18:21:03 -0000	1.248
***************
*** 4,7 ****
--- 4,9 ----
  ------------
  
+ - Fixed link to the Anonymous user's profile in comment/thread.thtml [Dirk]
+ - Added Location field to the user profile [Blaine]
  - In the light of bug #293, removed all variable names from the language files,
    leaving only the $_CONF config variables [Dirk]
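
Review bot: the two entries added at the top of history (the Anonymous user's profile link in comment/thread.thtml and the new Location field) are unrelated to the release sync described in the log message. Commit them separately or name them in the log, so that the security-release documentation can be traced on its own.
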
***************
*** 350,353 ****
--- 352,376 ----
  
  
+ Oct 8, 2004 (1.3.9sr2)
+ -----------
+ 
+ This release addresses 2 security issues:
+ 
+ - Fixed a cross site scripting vulnerability caused by using the $topic
+   variable in the language files ($LANG05[3]) where it should have been
+   using '%s' instead (bug #293) [Vinny, Dirk]
+ - It was possible to post comments to stories or polls for which comment
+   posting had been switched off [Dirk]
+   This was only a problem if you allowed anonymous posts or when spammers
+   went through the trouble of actually signing up for an account before
+   posting.
+ 
+ Non-security related fixes:
+ 
+ - Fixed lib-plugins.php to be compatible with PHP 5 [Dirk]
+ - Includes updated PEAR packages to resolve email problems some users were
+   having (especially with safe_mode being on).
+ 
+ 
  Jun 1, 2004 (1.3.9sr1)
  -----------
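
Review bot: in the second security item, "This was only a problem if you allowed anonymous posts or when spammers went through the trouble of actually signing up" understates the scope, since those two conditions together cover anyone who is able to post a comment at all. Suggest saying directly that any user allowed to comment could post to stories or polls with comments switched off. The [Dirk] credit also sits mid-item, before the explanation, and the PEAR item carries no credit, unlike the other entries in this block.
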
***************
*** 685,688 ****
--- 708,728 ----
  
  
+ Oct 8, 2004 (1.3.8-1sr6)
+ -----------
+ 
+ This release addresses 2 security issues:
+ 
+ - Fixed a cross site scripting vulnerability caused by using the $topic
+   variable in the language files ($LANG05[3]) where it should have been
+   using '%s' instead (bug #293) [Vinny, Dirk]
+   Note: german.php was not affected and is therefore not included.
+ 
+ - It was possible to post comments to stories or polls for which comment
+   posting had been switched off [Dirk]
+   This was only a problem if you allowed anonymous posts or when spammers
+   went through the trouble of actually signing up for an account before
+   posting.
+ 
+ 
  Jun 1, 2004 (1.3.8-1sr5)
  -----------
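
Review bot: the "german.php was not affected and is therefore not included" note appears only in the 1.3.8-1sr6 entry; the 1.3.9sr2 entry for the same bug #293 says nothing about german.php, and neither section added to changes.html carries the note. State whether it also applies to 1.3.9sr2 and repeat it in changes.html, since it affects which files an admin should expect in the update. The blank line between the two items here is also inconsistent with the 1.3.9sr2 entry.
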



