No Support > Announcements

Patch for Coppermine 1.4.3 remote code execution - Update NOW!

<< < (2/6) > >>

Joachim Müller:
1) cpg1.3.x isn't affected by the vulnerability as far as I can tell
2) we're currently working on a maintenance release

Tarique Sani:
@freedag: Given the fact that only two files need to be replaced asking people to reinstall everything is being a plain PIA - for those who cannot patch a zip with correct files was provided...

While I agree that the website front page should be updated ASAP the points mentioned by Gaugau stand.

@Gaugau - time we declared 1.3.x as unsupported and removed all those downloads - Upgrade or perish!

Nibbler:
It's the same fix for 1.3, which is vulnerable.

find


--- Code: ---$USER['lang'] = $HTTP_GET_VARS['lang'];
--- End code ---

replace with


--- Code: ---$USER['lang'] = ereg("^[a-z0-9_-]*$", $HTTP_GET_VARS['lang']) ? $HTTP_GET_VARS['lang'] : $CONFIG['lang'];
--- End code ---

SpearCreations:
I have a question i just downloaded copperminegallery 1.4.3 lastnight now does this mean i have to also run the patch? just curious thank you kindly  ;D

SpearCreations:

--- Quote from: SpearCreations on February 22, 2006, 03:59:29 pm ---I have a question i just downloaded copperminegallery 1.4.3 lastnight now does this mean i have to also run the patch? just curious thank you kindly  ;D and if i do have to add the patch where do i exactly put it...keep in mind im computer stupid at this point but i did manage to get it up and running lastnight :)

--- End quote ---

Navigation

[0] Message Index

[#] Next page

[*] Previous page