[dokuwiki] git changes 2012-04-20
- From: xref@xxxxxxxxxxxx (DokuWiki Devel Tools)
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Fri, 20 Apr 2012 03:00:02 +0200 (CEST)
Good Morning!
This are the git changes for DokuWiki committed
yesterday. Please test them and report bugs.
---------------------------------------------------------------------
http://github.com/splitbrain/dokuwiki/commit/2f85287ef7aafab72cec14c85c1ab4cd1d7facc9
Author: Adrian Lang <mail[at]adrianlang.de>
Date: Thu Apr 19 12:12:33 2012 +0200
Release preparations
http://github.com/splitbrain/dokuwiki/commit/ff71173477e54774b5571015d49d944f51cb8a26
Author: Andreas Gohr <gohr[at]cosmocode.de>
Date: Thu Apr 19 11:26:46 2012 +0200
escape target error message (SECURITY) FS#2487 FS#2488
The error message when a non-existant editor was tried to load wasn't
escaped correctly, allowing to introduce arbitrary JavaScript to the
output, leading to a XSS vulnerability.
Note: the reported second XCRF vulnerability is the same bug, the xploit
code simply uses JavaScript to extract a valid CSRF token from the site
http://github.com/splitbrain/dokuwiki/commit/56ef9b96cf85ba4b1e5df37ac113143f102d3642
Author: Andreas Gohr <gohr[at]cosmocode.de>
Date: Thu Apr 19 11:23:45 2012 +0200
some more debug output in the indexer webbug
---------------------------------------------------------------------
You can download individual diffs or patches by appending .diff or
.patch to the given commit URLs above.
Bye,
your git changelog mailer
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Other related posts:
- » [dokuwiki] git changes 2012-04-20 - DokuWiki Devel Tools