[geeklog-cvs] geeklog: Synced list of changes with 1.5.2sr4

geeklog-cvs at lists.geeklog.net
Sat Apr 18 07:28:04 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/c576291f3575
changeset: 6956:c576291f3575
user:      Dirk Haun <dirk at haun-online.de>
date:      Sat Apr 18 13:27:50 2009 +0200
description:
Synced list of changes with 1.5.2sr4

diffstat:

2 files changed, 16 insertions(+)
public_html/docs/changes.html |    5 +++++
public_html/docs/history      |   11 +++++++++++

diffs (36 lines):

diff -r 317c2bc8e5a5 -r c576291f3575 public_html/docs/changes.html
--- a/public_html/docs/changes.html	Fri Apr 17 14:50:21 2009 -0600
+++ b/public_html/docs/changes.html	Sat Apr 18 13:27:50 2009 +0200
@@ -35,6 +35,11 @@
 <li>The minimum PHP version required by Geeklog is now <strong>PHP 4.3.0</strong>. Given that the PHP team ended support for PHP 4 in August 2008, you should be
 looking into upgrading to PHP 5 anyway.</li>
 </ul>
+
+
+<h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted another SQL injection exploit, targetting an old bug in usersettings.php. As with the previous issues, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
 
 
 <h2><a name="changes152sr3">Geeklog 1.5.2sr3</a></h2>
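Review bot: In the added paragraph under the new changes152sr4 heading, "targetting" should be "targeting", and "As with the previous issues" points at nothing a reader can follow. The changes152sr3 anchor sits directly below this entry, so linking the phrase to it (and to any earlier entries it refers to) would let someone landing on this section find the related fixes. The entry also says only that the bug is "old" without stating which releases are affected, which is the first thing an admin deciding whether to upgrade will look for.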
diff -r 317c2bc8e5a5 -r c576291f3575 public_html/docs/history
--- a/public_html/docs/history	Fri Apr 17 14:50:21 2009 -0600
+++ b/public_html/docs/history	Sat Apr 18 13:27:50 2009 +0200
@@ -143,6 +143,17 @@
   now [Dirk]
 - Display "successfully saved" and "successfully deleted" messages, just like
   every other plugin and built-in function does (bug #0000644) [Dirk]
+
+
+Apr 18, 2009 (1.5.2sr4)
+------------
+
+This release addresses the following security issue:
+
+Bookoo of the Nine Situations Group posted another SQL injection exploit,
+targetting an old bug in usersettings.php. As with the previous issues, this
+allowed an attacker to extract the password hash for any account and is fixed
+with this release.
 
 
 Apr 13, 2009 (1.5.2sr3)
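Review bot: The new 1.5.2sr4 entry states that an attacker could extract the password hash for any account but gives no follow-up guidance, so an admin reading the history file cannot tell whether upgrading alone is sufficient. Consider adding a sentence on what to do after upgrading, for example whether passwords should be changed on sites that were exposed. The "targetting" typo is repeated here from changes.html, and the dashed underline is shorter than the "Apr 18, 2009 (1.5.2sr4)" heading it sits under; worth matching whatever the rest of the file does.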


