[geeklog-cvs] geeklog: Updated documentation and version number

geeklog-cvs at lists.geeklog.net
Thu Jul 30 13:44:45 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/052245bd696a
changeset: 7202:052245bd696a
user:      Dirk Haun <dirk at haun-online.de>
date:      Wed Jul 29 20:33:20 2009 +0200
description:
Updated documentation and version number

diffstat:

 public_html/admin/install/index.php |   2 +-
 public_html/docs/changes.html       |  12 ++++++++++++
 public_html/docs/history            |  11 +++++++++++
 public_html/siteconfig.php.dist     |   2 +-
 4 files changed, 25 insertions(+), 2 deletions(-)

diffs (66 lines):

diff -r afae3e80949c -r 052245bd696a public_html/admin/install/index.php
--- a/public_html/admin/install/index.php	Wed Jul 29 19:56:01 2009 +0200
+++ b/public_html/admin/install/index.php	Wed Jul 29 20:33:20 2009 +0200
@@ -48,7 +48,7 @@
     define("LB", "\n");
 }
 if (!defined('VERSION')) {
-    define('VERSION', '1.5.2sr4');
+    define('VERSION', '1.5.2sr5');
 }
 if (!defined('XHTML')) {
     define('XHTML', ' /');
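Review bot: the version literal changed at line 51 is repeated in public_html/siteconfig.php.dist, and both copies sit behind `if (!defined('VERSION'))`, so a release that bumps only one of them would leave the installer and the site reporting different versions with no error. Consider defining VERSION in a single file that both include, or adding a release-time check that compares the two literals.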
diff -r afae3e80949c -r 052245bd696a public_html/docs/changes.html
--- a/public_html/docs/changes.html	Wed Jul 29 19:56:01 2009 +0200
+++ b/public_html/docs/changes.html	Wed Jul 29 20:33:20 2009 +0200
@@ -16,6 +16,18 @@
 <a href="history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has a list
 of files that have been changed since the last release.</p>
 
+<h2><a name="changes152sr5">Geeklog 1.5.2sr5</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ol>
+<li>Gerendi Sandor Attila reported an XSS in the forms to email a user and to
+    email a story to a friend.</li>
+<li>The "Mail Story to a Friend" function didn't check story permissions, so
+    that it was possible to email a story even if you didn't have the
+    permissions to view it on the site.</li>
+</ol>
+
+
 <h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2>
 
 <p>Bookoo of the Nine Situations Group posted another SQL injection exploit, targetting an old bug in usersettings.php. As with the previous issues, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
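Review bot: the unchanged paragraph at the top of this hunk tells readers that `docs/changed-files` lists the files changed since the last release, but the diffstat for this changeset does not include that file, so for 1.5.2sr5 it may still describe sr4. Update it in the same changeset or confirm it was handled elsewhere. The new entry would also help admins more if it named the affected scripts, as the sr4 entry below it does with usersettings.php, so they can tell which files to replace.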
diff -r afae3e80949c -r 052245bd696a public_html/docs/history
--- a/public_html/docs/history	Wed Jul 29 19:56:01 2009 +0200
+++ b/public_html/docs/history	Wed Jul 29 20:33:20 2009 +0200
@@ -1,5 +1,16 @@
 Geeklog History/Changes:
 
+Jul 30, 2009 (1.5.2sr5)
+------------
+
+This release addresses the following security issues:
+- Gerendi Sandor Attila reported an XSS in the forms to email a user and to
+  email a story to a friend.
+- The "Mail Story to a Friend" function didn't check story permissions, so that
+  it was possible to email a story even if you didn't have the permissions to
+  view it on the site.
+
+
 Apr 18, 2009 (1.5.2sr4)
 ------------
 
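Review bot: the 1.5.2sr5 entry describes two security fixes, yet this changeset touches only documentation and the two VERSION literals, so nothing here lets a reader confirm that the XSS and the missing permission check are fixed in what ships as sr5. Name the changesets or files that carry the fixes, in this entry or in the commit message, so the release can be traced from the history file.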
diff -r afae3e80949c -r 052245bd696a public_html/siteconfig.php.dist
--- a/public_html/siteconfig.php.dist	Wed Jul 29 19:56:01 2009 +0200
+++ b/public_html/siteconfig.php.dist	Wed Jul 29 20:33:20 2009 +0200
@@ -38,7 +38,7 @@
   define('LB',"\n");
 }
 if (!defined('VERSION')) {
-  define('VERSION', '1.5.2sr4');
+  define('VERSION', '1.5.2sr5');
 }
 
 ?>
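Review bot: this bump at line 41 lands in the `.dist` template only, so a site that is upgraded and keeps its existing siteconfig.php would go on defining `'1.5.2sr4'`, and the `!defined('VERSION')` guard means that earlier definition wins. Confirm that the upgrade instructions or the installer rewrite VERSION in the live siteconfig.php; otherwise a patched site is indistinguishable from an unpatched one by its version string.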


