[geeklog-hg] geeklog: Added list of security fixes
geeklog-cvs at lists.geeklog.net
Tue Feb 19 14:05:35 EST 2013
changeset 8957:c31b469e5bdd
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/c31b469e5bdd
user: Dirk Haun <dirk at haun-online.de>
date: Tue Feb 19 20:05:20 2013 +0100
description:
Added list of security fixes
diffstat:
public_html/docs/history | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diffs (18 lines):
diff -r 3a3e9d270844 -r c31b469e5bdd public_html/docs/history
--- a/public_html/docs/history Tue Feb 19 20:04:50 2013 +0100
+++ b/public_html/docs/history Tue Feb 19 20:05:20 2013 +0100
@@ -3,6 +3,14 @@
Feb 19, 2013 (2.0.0rc2)
------------
+This release addresses the following security issues:
+- High-Tech Bridge Security Research Lab reported an XSS in the calendar_type
+ parameter in the Calendar plugin (HTB23143).
+- Trustwave Spiderlabs reported XSS in the install script, the Configuration,
+ as well as in the Admin interfaces for the Polls plugin and the Topic editor
+ (TWSL2013-001).
+
+Not security-related:
- Optimize 2.0.0 MySQL Topic Upgrade Script (feature request #0001544) [Tom]
- Introduce DB_escapeString (feature request #0001146) [Kenji]
- For articles with 2 or more topics the incorrect topic icon may display in the
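Review bot: In the TWSL2013-001 entry, "the install script, the Configuration, as well as in the Admin interfaces ..." leaves "the Configuration" without a noun, so a reader cannot tell which screen was affected; name the component the way the neighbouring items do ("the Topic editor"). Both new entries give only the advisory ids (HTB23143, TWSL2013-001) and do not say which earlier releases are affected, which is what an administrator reading the history file needs in order to decide whether to upgrade; a short "affects ..." clause or a link to each advisory would cover that. Unlike the entries under "Not security-related:", the security entries also carry no [Name] tag for who made the fix.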