[geeklog-cvs] geeklog: Synced list of changes with 1.5.2sr4
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sat Apr 18 07:28:04 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/c576291f3575
changeset: 6956:c576291f3575
user: Dirk Haun <dirk at haun-online.de>
date: Sat Apr 18 13:27:50 2009 +0200
description:
Synced list of changes with 1.5.2sr4
diffstat:
2 files changed, 16 insertions(+)
public_html/docs/changes.html | 5 +++++
public_html/docs/history | 11 +++++++++++
diffs (36 lines):
diff -r 317c2bc8e5a5 -r c576291f3575 public_html/docs/changes.html
--- a/public_html/docs/changes.html Fri Apr 17 14:50:21 2009 -0600
+++ b/public_html/docs/changes.html Sat Apr 18 13:27:50 2009 +0200
@@ -35,6 +35,11 @@
<li>The minimum PHP version required by Geeklog is now <strong>PHP 4.3.0</strong>. Given that the PHP team ended support for PHP 4 in August 2008, you should be
looking into upgrading to PHP 5 anyway.</li>
</ul>
+
+
+<h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted another SQL injection exploit, targetting an old bug in usersettings.php. As with the previous issues, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
<h2><a name="changes152sr3">Geeklog 1.5.2sr3</a></h2>
diff -r 317c2bc8e5a5 -r c576291f3575 public_html/docs/history
--- a/public_html/docs/history Fri Apr 17 14:50:21 2009 -0600
+++ b/public_html/docs/history Sat Apr 18 13:27:50 2009 +0200
@@ -143,6 +143,17 @@
now [Dirk]
- Display "successfully saved" and "successfully deleted" messages, just like
every other plugin and built-in function does (bug #0000644) [Dirk]
+
+
+Apr 18, 2009 (1.5.2sr4)
+------------
+
+This release addresses the following security issue:
+
+Bookoo of the Nine Situations Group posted another SQL injection exploit,
+targetting an old bug in usersettings.php. As with the previous issues, this
+allowed an attacker to extract the password hash for any account and is fixed
+with this release.
Apr 13, 2009 (1.5.2sr3)
More information about the geeklog-cvs
mailing list