[geeklog-cvs] geeklog: Updated version numbers and list of changes

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sat Apr 18 07:23:26 EDT 2009 

details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/c8ee796a9cb9
changeset: 6954:c8ee796a9cb9
user:      Dirk Haun <dirk at haun-online.de>
date:      Sat Apr 18 09:58:24 2009 +0200
description:
Updated version numbers and list of changes

diffstat:

4 files changed, 19 insertions(+), 3 deletions(-)
public_html/admin/install/index.php |    2 +-
public_html/docs/changes.html       |    7 ++++++-
public_html/docs/history            |   11 +++++++++++
public_html/siteconfig.php.dist     |    2 +-

diffs (62 lines):

diff -r bf1cdc081217 -r c8ee796a9cb9 public_html/admin/install/index.php
--- a/public_html/admin/install/index.php	Fri Apr 17 14:42:28 2009 -0600
+++ b/public_html/admin/install/index.php	Sat Apr 18 09:58:24 2009 +0200
@@ -48,7 +48,7 @@
     define("LB", "\n");
 }
 if (!defined('VERSION')) {
-    define('VERSION', '1.5.2sr3');
+    define('VERSION', '1.5.2sr4');
 }
 if (!defined('XHTML')) {
     define('XHTML', ' /');
diff -r bf1cdc081217 -r c8ee796a9cb9 public_html/docs/changes.html
--- a/public_html/docs/changes.html	Fri Apr 17 14:42:28 2009 -0600
+++ b/public_html/docs/changes.html	Sat Apr 18 09:58:24 2009 +0200
@@ -16,9 +16,14 @@
 <a href="history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has a list
 of files that have been changed since the last release.</p>
 
+<h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted another SQL injection exploit, targetting an old bug in usersettings.php. As with the previous issues, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
+
+
 <h2><a name="changes152sr3">Geeklog 1.5.2sr3</a></h2>
 
-<p>Bookoo of the Nine Situations Group posted another SQL injection exploit, this time targetting the webservices API. As with the previous issue, this allowed an attacker to extract the password hash for any account and is fixed with this release.
+<p>Bookoo of the Nine Situations Group posted another SQL injection exploit, this time targetting the webservices API. As with the previous issue, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
 
 
 <h2><a name="changes152sr2">Geeklog 1.5.2sr2</a></h2>
diff -r bf1cdc081217 -r c8ee796a9cb9 public_html/docs/history
--- a/public_html/docs/history	Fri Apr 17 14:42:28 2009 -0600
+++ b/public_html/docs/history	Sat Apr 18 09:58:24 2009 +0200
@@ -1,4 +1,15 @@
 Geeklog History/Changes:
+
+Apr 18, 2009 (1.5.2sr4)
+------------
+
+This release addresses the following security issue:
+
+Bookoo of the Nine Situations Group posted another SQL injection exploit,
+targetting an old bug in usersettings.php. As with the previous issues, this
+allowed an attacker to extract the password hash for any account and is fixed
+with this release.
+
 
 Apr 13, 2009 (1.5.2sr3)
 ------------
diff -r bf1cdc081217 -r c8ee796a9cb9 public_html/siteconfig.php.dist
--- a/public_html/siteconfig.php.dist	Fri Apr 17 14:42:28 2009 -0600
+++ b/public_html/siteconfig.php.dist	Sat Apr 18 09:58:24 2009 +0200
@@ -38,7 +38,7 @@
   define('LB',"\n");
 }
 if (!defined('VERSION')) {
-  define('VERSION', '1.5.2sr3');
+  define('VERSION', '1.5.2sr4');
 }
 
 ?>

More information about the geeklog-cvs mailing list