[pLog-svn] sql exploit?

Jon Daley plogworld at jon.limedaley.com
Tue Jun 10 13:09:31 EDT 2008


 	That's what I thought they were talking about.  But, it was 
updated today, and makes it look like it is across all versions.

On Wed, 11 Jun 2008, Mark Wu wrote:

> This bug exist in version 1.0.x, but already fixed after verion 1.1.
>
> Mark
>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.lifetype.net
>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
>> Sent: Wednesday, June 11, 2008 12:27 AM
>> To: LifeType SVN
>> Subject: [pLog-svn] sql exploit?
>>
>> Can anyone duplicate this?  I can't on the current svn
>> branch, and I downgraded to 1.2.8 and can't either.
>>
>> (I also checked Reto's blog, and got the same error as mine -
>> error_fetching_album)
>>
>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2629
>>
>> Maybe the security report has a typo in it, and it is only a
>> drupal module that it is affected.  The example exploit shows
>> downloading lifetype from sourceforge...
>>
>>
>> --
>> Jon Daley
>> http://jon.limedaley.com
>> ~~
>> I want to get quoted. I think I say enough stuff to get quoted.
>> -- JoAnn Paul
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://limedaley.com/mailman/listinfo/plog-svn
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>

-- 
Jon Daley
http://jon.limedaley.com
~~
If it weren't for the last minute, nothing would get done.


More information about the pLog-svn mailing list