[geeklog-cvs] geeklog: Updated version numbers and list of changes

geeklog-cvs at lists.geeklog.net
Mon Apr 13 12:05:19 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/bd0dc0217703
changeset: 6942:bd0dc0217703
user:      Dirk Haun <dirk at haun-online.de>
date:      Mon Apr 13 15:57:21 2009 +0200
description:
Updated version numbers and list of changes

diffstat:

4 files changed, 22 insertions(+), 4 deletions(-)
public_html/admin/install/index.php |    2 +-
public_html/docs/changes.html       |    7 +++++--
public_html/docs/history            |   15 +++++++++++++++
public_html/siteconfig.php.dist     |    2 +-

diffs (68 lines):

diff -r 5d4ce27e033e -r bd0dc0217703 public_html/admin/install/index.php
--- a/public_html/admin/install/index.php	Mon Apr 13 15:20:33 2009 +0200
+++ b/public_html/admin/install/index.php	Mon Apr 13 15:57:21 2009 +0200
@@ -48,7 +48,7 @@
     define("LB", "\n");
 }
 if (!defined('VERSION')) {
-    define('VERSION', '1.5.2sr2');
+    define('VERSION', '1.5.2sr3');
 }
 if (!defined('XHTML')) {
     define('XHTML', ' /');
diff -r 5d4ce27e033e -r bd0dc0217703 public_html/docs/changes.html
--- a/public_html/docs/changes.html	Mon Apr 13 15:20:33 2009 +0200
+++ b/public_html/docs/changes.html	Mon Apr 13 15:57:21 2009 +0200
@@ -16,12 +16,15 @@
 <a href="history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has a list
 of files that have been changed since the last release.</p>
 
+<h2><a name="changes152sr3">Geeklog 1.5.2sr3</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted another SQL injection exploit, this time targetting the webservices API. As with the previous issue, this allowed an attacker to extract the password hash for any account and is fixed with this release.
+
+
 <h2><a name="changes152sr2">Geeklog 1.5.2sr2</a></h2>
 
 <p>Bookoo of the Nine Situations Group posted an SQL injection exploit for glFusion that also works with Geeklog. This issue allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
 
-
-<p>Fernando Muñoz reported a possible <a href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px dotted black;">XSS</a> in the query form on most admin panels that we are fixing with this release.</p>
 
 <h2><a name="changes152sr1">Geeklog 1.5.2sr1</a></h2>
 
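Review bot: The paragraph added under the new 1.5.2sr3 heading in changes.html is opened with <p> but never closed; the line ends at "is fixed with this release." and the next element is the sr2 <h2>, whereas the sr2 paragraph just below it does end in </p>. Add the closing tag so the document stays well-formed. The same hunk also deletes the Fernando Muñoz XSS paragraph from the 1.5.2sr2 section, which the description "Updated version numbers and list of changes" does not explain; if the removal is intentional, it deserves a sentence in the commit message. "targetting" should be "targeting".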
diff -r 5d4ce27e033e -r bd0dc0217703 public_html/docs/history
--- a/public_html/docs/history	Mon Apr 13 15:20:33 2009 +0200
+++ b/public_html/docs/history	Mon Apr 13 15:57:21 2009 +0200
@@ -1,4 +1,19 @@
 Geeklog History/Changes:
+
+Apr 13, 2009 (1.5.2sr3)
+------------
+
+This release addresses the following security issue:
+
+Bookoo of the Nine Situations Group posted another SQL injection exploit, this
+time targetting the webservices API. As with the previous issue, this allowed
+an attacker to extract the password hash for any account and is fixed with this
+release.
+
+Not security-related:
+- Re-introduced function get_SPX_Ver in the install script, which is still
+  needed when upgrading from old Geeklog releases (reported by Sheila) [Dirk]
+
 
 Apr 4, 2009 (1.5.2sr2)
 -----------
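Review bot: The 1.5.2sr3 security entry added to docs/history states that the webservices API issue "allowed an attacker to extract the password hash for any account" but gives administrators nothing to act on beyond upgrading. Since the entry itself says hashes could be read, consider adding a line on whether existing passwords should be changed after the upgrade, and naming the affected component more precisely than "the webservices API". "targetting" should be "targeting" here as well as in changes.html.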
diff -r 5d4ce27e033e -r bd0dc0217703 public_html/siteconfig.php.dist
--- a/public_html/siteconfig.php.dist	Mon Apr 13 15:20:33 2009 +0200
+++ b/public_html/siteconfig.php.dist	Mon Apr 13 15:57:21 2009 +0200
@@ -38,7 +38,7 @@
   define('LB',"\n");
 }
 if (!defined('VERSION')) {
-  define('VERSION', '1.5.2sr2');
+  define('VERSION', '1.5.2sr3');
 }
 
 ?>
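Review bot: The literal '1.5.2sr3' in the define('VERSION', ...) line here is a second copy of the same constant bumped in public_html/admin/install/index.php, and both are guarded by if (!defined('VERSION')), so whichever file is loaded first wins silently. Keeping two hand-edited copies means a security release can ship with mismatched version strings if one is missed; consider defining VERSION in one file and including it from the other, or at least adding a comment next to each define pointing at its twin.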