I believe there's a couple of bugs with the 1.5.13 release:
http://forum.joomla.org/viewtopic.php?f=430&t=423159
Might be good to hold off for 24 / 48 hours before updating. The Bug
Squad is apparently busy getting the fixes ready.
Steve
Mitch Pirtle wrote:
Thanks Donna, I missed this totally in my avalanche of work and deadlines.
-- Mitch
On Thu, Jul 23, 2009 at 8:38 AM, Donna Marie
Vincent<donnamarievinc...@yahoo.com> wrote:
Joomla! Security News
________________________________
[20090722] - Core - Missing JEXEC Check
Posted: 22 Jul 2009 04:36 PM PDT
Project: Joomla!
SubProject: Framework
Severity: Moderate
Versions: 1.5.12 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-July-21
Fixed Date: 2009-July-22
Description
Some files were missing the check for JEXEC. These scripts will then expose
internal path information of the host.
Affected Installs
All 1.5.x installs prior to and including 1.5.12 are affected.
Solution
Upgrade to latest Joomla! version (1.5.13 or newer).
Reported by Juan Galiana Lara (Internet Security Auditors)
Contact
The JSST at the Joomla! Security Center.
[20090722] - Core - File Upload
Posted: 22 Jul 2009 04:17 PM PDT
Project: Joomla!
SubProject: TinyMCE editor
Severity: Critical
Versions: 1.5.12
Exploit type: Image File upload
Reported Date: 2009-July-22
Fixed Date: 2009-July-22
Description
Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded
and removed without logging in.
Affected Installs
Version 1.5.12 only
Solution
Upgrade to latest Joomla! version (1.5.13 or newer).
Reported by Patrice Lazareff.
Contact
The JSST at the Joomla! Security Center.
You are subscribed to email updates from Joomla! Developer - Vulnerability
News
To stop receiving these emails, you may unsubscribe now.Email delivery
powered by Google
Google Inc., 20 West Kinzie, Chicago IL USA 60610
_______________________________________________
New York PHP SIG: Joomla! Mailing List
http://lists.nyphp.org/mailman/listinfo/joomla
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
_______________________________________________
New York PHP SIG: Joomla! Mailing List
http://lists.nyphp.org/mailman/listinfo/joomla
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
_______________________________________________
New York PHP SIG: Joomla! Mailing List
http://lists.nyphp.org/mailman/listinfo/joomla
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
