[interchange-cvs] interchange - kwalsh modified WHATSNEW-5.4
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Tue Feb 5 22:30:10 EST 2008
User: kwalsh
Date: 2008-02-06 03:30:09 GMT
Modified: . Tag: STABLE_5_4-branch WHATSNEW-5.4
Log:
* Standard demo security bug fix.
Revision Changes Path
No revision
No revision
1.1.2.21 +8 -0 interchange/Attic/WHATSNEW-5.4
rev 1.1.2.21, prev_rev 1.1.2.20
Index: WHATSNEW-5.4
===================================================================
RCS file: /var/cvs/interchange/Attic/WHATSNEW-5.4,v
retrieving revision 1.1.2.20
retrieving revision 1.1.2.21
diff -u -r1.1.2.20 -r1.1.2.21
--- WHATSNEW-5.4 13 Apr 2007 08:32:20 -0000 1.1.2.20
+++ WHATSNEW-5.4 6 Feb 2008 03:30:09 -0000 1.1.2.21
@@ -31,6 +31,14 @@
* Remove debconf dependency from interchange-ui postrm script.
+Standard demo
+-------------
+
+* Fixed a security bug where an attacker could craft a URI that tricks
+ Interchange into executing arbitrary Perl code. The Perl code would be
+ subject to the Safe constraints of course, but could still be devistating
+ to the security of the target website.
+
Other
-----
More information about the interchange-cvs
mailing list