List:Eventum Development« Previous MessageNext Message »
From:Elan Ruusamäe Date:January 27 2014 9:09am
Subject:Eventum 2.3.5 - Security Fix released
View as plain text  

We have just released Eventum 2.3.5, a security fix for all previous
versions of Eventum. We strongly recommend all users upgrade to this
release immediately. If you are unable to upgrade, you should remove
the htdocs/setup/ directory from your installation.

- [CWE-276] disable setup when already configured
- [CWE-94] fix improper escaping of creating config file

Thanks to High-Tech Bridge Security Research Lab for finding and
reporting these issues. You can view their advisory here:

Download the tarball from launchpad here:

Please report any issues on our project page,  , this mailing list or #eventum on

Best Regards,
Eventum project team.


Eventum 2.3.5 - Security Fix releasedElan Ruusamäe27 Jan