We have just released Eventum 2.3.5, a security fix for all previous
versions of Eventum. We strongly recommend all users upgrade to this
release immediately. If you are unable to upgrade, you should remove
the htdocs/setup/ directory from your installation.
- [CWE-276] disable setup when already configured
- [CWE-94] fix improper escaping of creating config file
Thanks to High-Tech Bridge Security Research Lab for finding and
reporting these issues. You can view their advisory here:
Download the tarball from launchpad here:
Please report any issues on our project page,
https://launchpad.net/eventum , this mailing list or #eventum on
Eventum project team.
|• Eventum 2.3.5 - Security Fix released||Elan Ruusamäe||27 Jan 2014|