Geeklog 1.3.8sr2 released!

17/10/2003

Go grab a copy @
http://www.geeklog.net

From Geeklog

Tuesday, October 14 2003 @ 04:30 PM EDT
Contributed by:

Dirk
Views: 321

Following on the heels of

1.3.8-1sr1 is 1.3.8-1sr2, available as a (tiny)
upgrade
archive as well as a

complete tarball.

Jouko Pynnonen found a way to trick the new "forgot password"
feature, that was only introduced in 1.3.8, into letting an attacker
change the password for any account. This release addresses
this issue – there were no other changes.

Users of 1.3.7sr3 are not affected (as the feature simply didn’t
exist there).

bye, Dirk

No comments yet.

Write a comment:

You have to log in to write a comment.