
Geeklog 1.7.1sr1

Security
  • Sunday, January 02 2011 @ 12:30 PM EST

Geeklog 1.7.1sr1 addresses an XSS vulnerability in the Configuration admin panel, reported by Aung Khant of the YGN Ethical Hacker Group. Due to the built-in CSRF protection, this weakness is somewhat harder to exploit, but we would nonetheless advise that you secure your site by installing this update ASAP.

In addition to the complete 1.7.1sr1 tarball, there are also update files for Geeklog 1.7.1 and for Geeklog 1.6.1sr1 that contain only a fixed version of the affected file (see the included README file for installation instructions).

Users of older Geeklog releases should consider upgrading to Geeklog 1.7.1sr1 soon (use the complete 1.7.1sr1 tarball to upgrade from any older version).

A note for those who are still running on PHP 4: There's a known bug in the Static Pages plugin in Geeklog 1.7.1 that makes it incompatible with PHP 4. We will address this issue in a future bugfix update. In the meantime, consider upgrading to Geeklog 1.6.1sr2 - or upgrade to PHP 5, if possible.

Trackback

Trackback URL for this entry:
https://www.geeklog.net/trackback.php/geeklog-1.7.1sr1

[...] System Home Forum Download Wiki Sitemap Store Geeklog 1.7.1sr1 and after ::Ben January 02, 2011 - 10:12 Views: 1 Geeklog 1.7.1sr1 is a security update for Geeklog 1.7.1 A bug-fix version (Geeklog 1.7.2) [...] [read more]

[...] Posted by Henri Salo on Mar 23 Original request here: http://seclists.org/oss-sec/2011/q1/547 http://www.geeklog.net/article.php/geeklog-1.7.1sr1 http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/20a98e6bab20 [...] [read more]

The following comments are owned by whomever posted them. This site is not responsible for what they say.

  • Geeklog 1.7.1sr1
  • Authored by: LWC on Monday, January 03 2011 @ 05:01 PM EST
Thanks! Alas, the full package's siteconfig.php still has define('VERSION', '1.7.1');
  • Geeklog 1.7.1sr1
  • Authored by: Dirk on Monday, January 03 2011 @ 05:23 PM EST

It doesn't matter - that version number will be overwritten with the correct version during installation or upgrade.