[geeklog-cvs] geeklog: Updated documentation and version number

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Thu Jul 30 13:45:43 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/01ee44e87dd8
changeset: 7206:01ee44e87dd8
user:      Dirk Haun <dirk at haun-online.de>
date:      Wed Jul 29 21:08:47 2009 +0200
description:
Updated documentation and version number

diffstat:

 public_html/admin/install/lib-install.php |   2 +-
 public_html/docs/english/changes.html     |  32 ++++++++++++++++++++++++++++++++
 public_html/docs/history                  |  28 ++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+), 1 deletions(-)

diffs (105 lines):

diff -r 5c4b872f98ef -r 01ee44e87dd8 public_html/admin/install/lib-install.php
--- a/public_html/admin/install/lib-install.php	Wed Jul 29 13:30:25 2009 +0200
+++ b/public_html/admin/install/lib-install.php	Wed Jul 29 21:08:47 2009 +0200
@@ -56,7 +56,7 @@
     * This constant defines Geeklog's version number. It will be written to
     * siteconfig.php and the database (in the latter case minus any suffix).
     */
-    define('VERSION', '1.6.0');
+    define('VERSION', '1.6.0sr1');
 }
 if (!defined('XHTML')) {
     define('XHTML', ' /');
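Review bot: The doc comment directly above the changed define() says the version is written to the database "minus any suffix", so, assuming "sr1" counts as a suffix, siteconfig.php will read 1.6.0sr1 after this bump while the database value stays 1.6.0. If that is intended, say so in the comment: a security release then cannot be told apart from the base release by the database value alone, and anyone auditing an installation for the fixed version needs to check the VERSION constant instead.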
diff -r 5c4b872f98ef -r 01ee44e87dd8 public_html/docs/english/changes.html
--- a/public_html/docs/english/changes.html	Wed Jul 29 13:30:25 2009 +0200
+++ b/public_html/docs/english/changes.html	Wed Jul 29 21:08:47 2009 +0200
@@ -16,6 +16,26 @@
 <a href="../history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has a
 list of files that have been changed since the last release.</p>
 
+
+<h2><a name="changes160sr1">Geeklog 1.6.0sr1</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ol>
+<li>Gerendi Sandor Attila reported an XSS in the forms to email a user and to
+    email a story to a friend.</li>
+<li>The "Mail Story to a Friend" function didn't check story permissions, so
+    that it was possible to email a story even if you didn't have the
+    permissions to view it on the site.</li>
+</ol>
+
+<p>Other fixes:</p>
+<ul>
+<li>Fixed an SQL error when submitting a story and the story submission queue
+    was off.</li>
+<li>Fixed calls to a nonexistent function <code>COM_outputMessageAndAbort</code>.</li>
+</ul>
+
+
 <h2><a name="changes160">Geeklog 1.6.0</a></h2>
 
 <h3>Results from the Summer of Code</h3>
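Review bot: Under "Other fixes" the SQL error item says nothing about security impact, while the docs/history entry in this same changeset records it as caused by a non-initialized variable and not exploitable. In a section that opens with security issues, readers may take "SQL error" for an injection, so carry the "not exploitable" wording over to this list item. The COM_outputMessageAndAbort item could likewise name the function that should have been called, COM_displayMessageAndAbort, as the history entry does.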
@@ -53,6 +73,18 @@
 you!</p>
 
 
+<h2><a name="changes152sr5">Geeklog 1.5.2sr5</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ol>
+<li>Gerendi Sandor Attila reported an XSS in the forms to email a user and to
+    email a story to a friend.</li>
+<li>The "Mail Story to a Friend" function didn't check story permissions, so
+    that it was possible to email a story even if you didn't have the
+    permissions to view it on the site.</li>
+</ol>
+
+
 <h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2>
 
 <p>Bookoo of the Nine Situations Group posted another SQL injection exploit, targetting an old bug in usersettings.php. As with the previous issues, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
diff -r 5c4b872f98ef -r 01ee44e87dd8 public_html/docs/history
--- a/public_html/docs/history	Wed Jul 29 13:30:25 2009 +0200
+++ b/public_html/docs/history	Wed Jul 29 21:08:47 2009 +0200
@@ -1,5 +1,22 @@
 Geeklog History/Changes:
 
+Jul 30, 2009 (1.6.0sr1)
+------------
+
+This release addresses the following security issues:
+- Gerendi Sandor Attila reported an XSS in the forms to email a user and to
+  email a story to a friend.
+- The "Mail Story to a Friend" function didn't check story permissions, so that
+  it was possible to email a story even if you didn't have the permissions to
+  view it on the site.
+
+Not security-related:
+- Fixed an SQL error (due to a non-initialized variable; not exploitable) when
+  the story submission queue was off (reported by Dieter Thomas) [Dirk]
+- Fixed calls to a nonexistent function COM_outputMessageAndAbort (should have
+  been COM_displayMessageAndAbort) [Dirk]
+
+
 Jul 19, 2009 (1.6.0)
 ------------
 
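Review bot: The two security entries in the 1.6.0sr1 block describe the flaws but not the fixed behaviour, and unlike the "Not security-related" entries below them they carry no author tag such as [Dirk]. For the "Mail Story to a Friend" item, state what the function now does when the requester lacks permission to view the story, and for the XSS item state which form fields are affected, so that an admin reading the history can judge exposure and verify the fix. Add the author tag to both entries for consistency with the rest of the file.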
@@ -335,6 +352,17 @@
   every other plugin and built-in function does (bug #0000644) [Dirk]
 
 
+Jul 30, 2009 (1.5.2sr5)
+------------
+
+This release addresses the following security issues:
+- Gerendi Sandor Attila reported an XSS in the forms to email a user and to
+  email a story to a friend.
+- The "Mail Story to a Friend" function didn't check story permissions, so that
+  it was possible to email a story even if you didn't have the permissions to
+  view it on the site.
+
+
 Apr 18, 2009 (1.5.2sr4)
 ------------
 


