List: Eventum Development
From: Elan Ruusamäe
Date: January 27 2014 9:09am
Subject: Eventum 2.3.5 - Security Fix released
Hello,

We have just released Eventum 2.3.5, a security fix for all previous
versions of Eventum. We strongly recommend all users upgrade to this
release immediately. If you are unable to upgrade, you should remove
the htdocs/setup/ directory from your installation.

Changelog:
- [CWE-276] disable setup when already configured
- [CWE-94] fix improper escaping of creating config file

Thanks to High-Tech Bridge Security Research Lab for finding and
reporting these issues. You can view their advisory here:
https://www.htbridge.com/advisory/HTB23198

Download the tarball from Launchpad here:
https://launchpad.net/eventum/trunk/2.3.5/+download/eventum-2.3.5.tar.gz

Please report any issues on our project page,
https://launchpad.net/eventum, this mailing list or #eventum on
Freenode.

Best Regards,
Eventum project team.

-- 
glen

