Geeklog 1.3.8-1sr2

  • Tuesday, October 14 2003 @ 04:30 pm EDT
Security

Following on the heels of 1.3.8-1sr1 is 1.3.8-1sr2, available as a (tiny) upgrade archive as well as a complete tarball.

Jouko Pynnonen found a way to trick the new "forgot password" feature, which was introduced only in 1.3.8, into letting an attacker change the password for any account. This release addresses that issue; there were no other changes.

Users of 1.3.7sr3 are not affected (as the feature simply didn't exist there).

bye, Dirk