semanticscuttle-devel

[Semanticscuttle-devel] Security release of SemanticScuttle: New versions 0.94.2 and 0.95.2

[Christian W. <cw...@cw...>]

Hello all,


Today I discovered some SQL injection possibilities in the code dealing
with tags. The problems have been fixed in SVN.

I also made a security release, patching the latest stable release
0.95.1, leading to version 0.95.2.
Additionally to that, I backported the patches to the 0.94 series (the
ones with the old file layout), leading to version 0.94.2.

Please update your installations as soon as possible, since a malicious
attacker might destroy or modify your database.

Downloads are available at:
http://sourceforge.net/projects/semanticscuttle/files/

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-= Geeking around in the name of science since 1982 =-

Re: [Semanticscuttle-devel] Security release of SemanticScuttle: New versions 0.94.2 and 0.95.2

[Christian W. <cw...@cw...>]

Hi,



> Today I discovered some SQL injection possibilities in the code
> dealing with tags. The problems have been fixed in SVN.
I notified secunia and got an advisory:
http://secunia.com/advisories/38228/

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-= Geeking around in the name of science since 1982 =-