From 358c62cdb9e3f993e5968674dcb220b0babf473c Mon Sep 17 00:00:00 2001 From: Vincent Zanotti Date: Sat, 23 May 2009 23:00:00 +0200 Subject: [PATCH] Adds a "SECURITY" file which will list our security bugfixes. Initializes it with the last two holes we fixed. This will allow me to write an automated tool that can disable working copies on murphy.m4x.org that have been left unattended for too long. Signed-off-by: Vincent Zanotti --- SECURITY | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 SECURITY diff --git a/SECURITY b/SECURITY new file mode 100644 index 0000000..d031043 --- /dev/null +++ b/SECURITY @@ -0,0 +1,16 @@ +# List of security fixes that have been committed to the "master" branch. +# This list is used to programmatically determine if a checkout of plat/al has +# known vulnerabilities (which is useful for automatically disabling an unused +# and unsafe checkout). +# +# In order to guarantee that only patched checkouts do have an updated SECURITY +# file, updates of this file should be done within the same sommit that actually +# fixes the security issue. Since the commit id is not known yet, it can be +# replaced by '00000000', and updated later. +# +# Format: +# The commit id should refer to the id in the "master" branch, if the initial +# commit in a version branch had another name. + +2009-10-19 e10bc2ef Prevents auth-groupex from leaking data to third-party attackers. +2008-12-21 a25cdc91 Fixes a SQL injection in geoloc.inc.php. -- 2.1.4
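Review bot: The "# Format:" block in the new SECURITY header never states the layout of an entry, yet the header says the file is read programmatically. As shown here, the only line under "# Format:" is the note about which branch the commit id refers to. Please add a line that spells out the three fields used by the two entries (date as YYYY-MM-DD, 8-character abbreviated commit id, free-text description) and the separator between them, so the parser and future editors agree on it. Related points in the same hunk: the '00000000' placeholder should be documented as a value the tool treats as "not yet resolved" rather than as a real id, since nothing here forces the later update to happen; "sommit" in "within the same sommit" should read "commit"; and the first entry is dated 2009-10-19, which is later than this patch's own Date header (23 May 2009), so one of the two dates should be checked before a tool starts comparing dates against checkouts.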