gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 07:04:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add CVE numbers

Browse Source
This commit is contained in:
Uwe Steinmann 2018-07-02 12:42:09 +02:00
parent 36b0671182
commit de10b35f3d
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
CHANGELOG
View File

@ -7,15 +7,16 @@
- do not leak information in calendar about documents the logged in user has
no read access on
- fix vulnerability when uploading a new file with the fine uploader, make
sure the chunk identifier contains only allowed chars '[0-9a-f-]' (CVE )
sure the chunk identifier contains only allowed chars '[0-9a-f-]' (CVE-2018-12939
and CVE-2018-12940)
- fix vulnerability when clearing the cache, make sure the cache directory
to clean actually exists. (CVE )
to clean actually exists. (CVE-2018-12941)
- prevent cross side scripting when loading the dashboard, removed dashboard
as it was never finished anyway (CVE )
as it was never finished anyway (CVE-2018-12944)
- prevent cross side scripting when url parameter 'action' is manipulated,
url parameter is run through htmlspecialchars() before output (CVS )
- fix possible sql-injection, do not use integers in sql statement without
casting them to int before (CVE )
url parameter is run through htmlspecialchars() before output (CVE-2018-12943)
- fix possible sql-injection, do not use integers in sql statement before
casting them to int (CVE-2018-12942)
--------------------------------------------------------------------------------
Changes in version 5.1.7