From dirk at haun-online.de Sat Apr 4 13:48:43 2009
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 4 Apr 2009 19:48:43 +0200
Subject: [geeklog-announce] Geeklog 1.5.2sr2 security update
Message-ID: <20090404174843.217864@smtp.haun-online.de>

We have been informed about an SQL injection exploit in Geeklog that we
are fixing with this release.

For details, please see
http://www.geeklog.net/article.php/geeklog-1.5.2sr2

--
http://www.geeklog.net/
http://geeklog.info/

From dirk at haun-online.de Thu Apr 9 15:59:40 2009
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 9 Apr 2009 21:59:40 +0200
Subject: [geeklog-announce] Security alert: Webservices exploit
Message-ID: <20090409195940.1505069715@smtp.haun-online.de>

Another SQL injection exploit has been published, this time targeting
the Webservices API in Geeklog 1.5.x (earlier versions are not affected).

We will be releasing an update ASAP, but in the meantime, you can secure
your site by disabling the Webservices in the configuration:

    Configuration > Geeklog > Miscellaneous > Webservices

For more information, see
http://www.geeklog.net/article.php/webservices-exploit

--
http://www.geeklog.net/
http://geeklog.info/

From dirk at haun-online.de Mon Apr 13 12:09:38 2009
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 13 Apr 2009 18:09:38 +0200
Subject: [geeklog-announce] Geeklog 1.5.2sr3
In-Reply-To: <20090409195940.1505069715@smtp.haun-online.de>
References: <20090409195940.1505069715@smtp.haun-online.de>
Message-ID: <20090413160938.587174127@smtp.haun-online.de>

Geeklog 1.5.2sr3 is now available for download. It addresses the
recently published exploit for an SQL injection in the webservices.

For details, please see
http://www.geeklog.net/article.php/geeklog-1.5.2sr3

--
http://www.geeklog.net/
http://geeklog.info/

From dirk at haun-online.de Sat Apr 18 07:22:56 2009
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 18 Apr 2009 13:22:56 +0200
Subject: [geeklog-announce] Geeklog 1.5.2sr4
Message-ID: <20090418112256.911082750@smtp.haun-online.de>

Yet another SQL injection exploit has been published for Geeklog. We are
releasing Geeklog 1.5.2sr4 to address this issue.

For details, please see
http://www.geeklog.net/article.php/geeklog-1.5.2sr4

--
http://www.geeklog.net/
http://geeklog.info/