Geeklog 1.3.11sr1 and 1.3.9sr4
- Sunday, July 03 2005 @ 04:11 pm EDT
- Contributed by: Dirk
Stefan Esser has found an SQL injection vulnerability in Geeklog that can, under certain circumstances, be used to extract sensitive user data such as a user's password hash. We are therefore releasing security updates to address this issue and would advise you to upgrade ASAP.
There are upgrade archives available to upgrade from Geeklog 1.3.11 and Geeklog 1.3.9sr3, as well as a complete tarball for Geeklog 1.3.11sr1 (for new installations).
Users of Geeklog 1.3.10 please read on ...
As mentioned in the release announcement for Geeklog 1.3.11, there will be no further development for Geeklog 1.3.10. Consequently, we are not releasing this security upgrade for 1.3.10. While it would be easy to provide such an upgrade, it would be pointless, as 1.3.11 was itself a security upgrade for 1.3.10. Fixing only this security issue would still leave you vulnerable to the other issues in 1.3.10. You had over half a year to upgrade to 1.3.11, and if you still haven't done so, now would be a good time ... Use the 1.3.11sr1 tarball and go through all the usual upgrade steps. As mentioned before, the upgrade should be relatively painless, as there were no changes in the themes and config.php from 1.3.10 to 1.3.11.