[interchange-cvs] interchange - kwalsh modified WHATSNEW-5.4

interchange-cvs at icdevgroup.org
Tue Feb 5 22:30:10 EST 2008


User:      kwalsh
Date:      2008-02-06 03:30:09 GMT
Modified:  .        Tag: STABLE_5_4-branch WHATSNEW-5.4
Log:
    * Standard demo security bug fix.

Revision  Changes    Path
1.1.2.21  +8 -0      interchange/Attic/WHATSNEW-5.4


rev 1.1.2.21, prev_rev 1.1.2.20
Index: WHATSNEW-5.4
===================================================================
RCS file: /var/cvs/interchange/Attic/WHATSNEW-5.4,v
retrieving revision 1.1.2.20
retrieving revision 1.1.2.21
diff -u -r1.1.2.20 -r1.1.2.21
--- WHATSNEW-5.4	13 Apr 2007 08:32:20 -0000	1.1.2.20
+++ WHATSNEW-5.4	6 Feb 2008 03:30:09 -0000	1.1.2.21
@@ -31,6 +31,14 @@
 
 * Remove debconf dependency from interchange-ui postrm script.
 
+Standard demo
+-------------
+
+* Fixed a security bug where an attacker could craft a URI that tricks
+  Interchange into executing arbitrary Perl code.  The Perl code would be
+  subject to the Safe constraints of course, but could still be devistating
+  to the security of the target website.
+
 Other
 -----
 
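Review bot: "devistating" in the added Standard demo entry should be "devastating". The entry also does not name the affected demo file or page, or the revision that carries the fix, so someone reading WHATSNEW cannot tell what to check or patch in a catalog built from the standard demo; consider adding the file name and a pointer to the fixing commit. "of course" can be dropped so the sentence states the Safe limitation plainly.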







