[geeklog-cvs] geeklog: Updated documentation and version number
geeklog-cvs at lists.geeklog.net
Thu Jul 30 13:44:45 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/052245bd696a
changeset: 7202:052245bd696a
user: Dirk Haun <dirk at haun-online.de>
date: Wed Jul 29 20:33:20 2009 +0200
description:
Updated documentation and version number
diffstat:
public_html/admin/install/index.php | 2 +-
public_html/docs/changes.html | 12 ++++++++++++
public_html/docs/history | 11 +++++++++++
public_html/siteconfig.php.dist | 2 +-
4 files changed, 25 insertions(+), 2 deletions(-)
diffs (66 lines):
diff -r afae3e80949c -r 052245bd696a public_html/admin/install/index.php
--- a/public_html/admin/install/index.php Wed Jul 29 19:56:01 2009 +0200
+++ b/public_html/admin/install/index.php Wed Jul 29 20:33:20 2009 +0200
@@ -48,7 +48,7 @@
define("LB", "\n");
}
if (!defined('VERSION')) {
- define('VERSION', '1.5.2sr4');
+ define('VERSION', '1.5.2sr5');
}
if (!defined('XHTML')) {
define('XHTML', ' /');
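Review bot: The literal '1.5.2sr5' in define('VERSION', ...) is now maintained by hand in two places, here and in public_html/siteconfig.php.dist, and both are wrapped in if (!defined('VERSION')), so whichever file is loaded first wins silently. If one copy is missed on a future security release, the installer and the site would report different patch levels. Consider defining the version once and including it from both files, or at least adding a comment next to each define that names the other location.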
diff -r afae3e80949c -r 052245bd696a public_html/docs/changes.html
--- a/public_html/docs/changes.html Wed Jul 29 19:56:01 2009 +0200
+++ b/public_html/docs/changes.html Wed Jul 29 20:33:20 2009 +0200
@@ -16,6 +16,18 @@
<a href="history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has a list
of files that have been changed since the last release.</p>
+<h2><a name="changes152sr5">Geeklog 1.5.2sr5</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ol>
+<li>Gerendi Sandor Attila reported an XSS in the forms to email a user and to
+ email a story to a friend.</li>
+<li>The "Mail Story to a Friend" function didn't check story permissions, so
+ that it was possible to email a story even if you didn't have the
+ permissions to view it on the site.</li>
+</ol>
+
+
<h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2>
<p>Bookoo of the Nine Situations Group posted another SQL injection exploit, targetting an old bug in usersettings.php. As with the previous issues, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
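Review bot: The context line just above the new 1.5.2sr5 section says docs/changed-files lists the files changed since the last release, but the diffstat for this changeset touches only four files and docs/changed-files is not one of them. Please confirm that file is updated for sr5 in a separate commit, since administrators applying a security release by hand rely on it. The new entry also does not name the affected scripts, while the sr4 entry below names usersettings.php; adding the file names for the XSS and for the missing permission check would let admins verify that their patched copy is the fixed one.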
diff -r afae3e80949c -r 052245bd696a public_html/docs/history
--- a/public_html/docs/history Wed Jul 29 19:56:01 2009 +0200
+++ b/public_html/docs/history Wed Jul 29 20:33:20 2009 +0200
@@ -1,5 +1,16 @@
Geeklog History/Changes:
+Jul 30, 2009 (1.5.2sr5)
+------------
+
+This release addresses the following security issues:
+- Gerendi Sandor Attila reported an XSS in the forms to email a user and to
+ email a story to a friend.
+- The "Mail Story to a Friend" function didn't check story permissions, so that
+ it was possible to email a story even if you didn't have the permissions to
+ view it on the site.
+
+
Apr 18, 2009 (1.5.2sr4)
------------
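Review bot: The added 1.5.2sr5 entry repeats the changes.html wording and, like it, does not say which scripts were fixed. For the second item in particular ("didn't check story permissions"), a reader cannot tell from the entry which permission check was added or where. Suggest adding the script names to each bullet and, for the permission issue, stating that the story's view permissions are now checked before the mail is sent.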
diff -r afae3e80949c -r 052245bd696a public_html/siteconfig.php.dist
--- a/public_html/siteconfig.php.dist Wed Jul 29 19:56:01 2009 +0200
+++ b/public_html/siteconfig.php.dist Wed Jul 29 20:33:20 2009 +0200
@@ -38,7 +38,7 @@
define('LB',"\n");
}
if (!defined('VERSION')) {
- define('VERSION', '1.5.2sr4');
+ define('VERSION', '1.5.2sr5');
}
?>
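Review bot: The define('VERSION', '1.5.2sr5') change here lands in the .dist template only. Does the upgrade path also rewrite the version string in an already deployed siteconfig.php? If it does not, an upgraded site could keep reporting '1.5.2sr4' after the security fixes are applied, which makes it hard to audit which installations are patched. A short note in the release documentation on how the deployed copy gets updated would settle this.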