This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, Branch_5_3 has been updated
via 9eecac4ed7c3432195f8a866fbfe8558f8b02558 (commit)
from afcfe76f5195af4566ff3a8280714383fcdb5a67 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9eecac4ed7c3432195f8a866fbfe8558f8b02558
Author: Roland Mas <[email protected]>
Date: Thu May 28 12:03:36 2015 +0200
Prepare 5.3.4
diff --git a/src/CHANGES b/src/CHANGES
index d3e04e8..4a751a6 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,3 +1,8 @@
+Fusionforge-5.3.4:
+* CVE-2015-0850: Prevent arbitrary command execution via clone URL
+ parameter of the method to create secondary Git repositories. Found
+ by Ansgar Burchardt <[email protected]>.
+
Fusionforge-5.3.3:
* User e-mail change: simplify confirmation hash and precise encoding to avoid
mangling in some versions of Thunderbird and Apple Mail [#738] (Inria)
* Project homepage: default to http:// rather than https:// for external
homepage links [#752] (Inria)
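Review bot: the new CVE-2015-0850 entry gives no pointer to where the fix lives, unlike the 5.3.3 entries below it, which carry tracker references such as [#738]. It names "the method to create secondary Git repositories" but no file, plugin or commit, and this commit itself only touches src/CHANGES and the version string. Suggest adding the fixing commit id or tracker number to the entry, so that anyone backporting or auditing can locate the change and confirm it is on Branch_5_3 before 5.3.4 is released.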
diff --git a/src/common/include/FusionForge.class.php
b/src/common/include/FusionForge.class.php
index b262e9d..dbe6df6 100644
--- a/src/common/include/FusionForge.class.php
+++ b/src/common/include/FusionForge.class.php
@@ -49,7 +49,7 @@ class FusionForge extends Error {
if (isset($forge_pkg_version)) {
$this->software_version = $forge_pkg_version;
} else {
- $this->software_version = '5.3.3' ;
+ $this->software_version = '5.3.4' ;
}
if (isset($forge_pkg_type)) {
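Review bot: the fallback literal on the `+` line is a second hand-maintained copy of the release number that also appears in the new src/CHANGES heading, so the two can drift apart. This value is what the class reports whenever $forge_pkg_version is not set, which makes it the only version signal on such installs when someone checks whether the CVE-2015-0850 release is deployed; consider taking it from one shared definition instead of editing it per release. Minor style point: the space before the semicolon in `'5.3.4' ;` is carried over from the old line and could be dropped.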
-----------------------------------------------------------------------
Summary of changes:
src/CHANGES | 5 +++++
src/common/include/FusionForge.class.php | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
hooks/post-receive
--
FusionForge