[platal.git] / SECURITY

# List of security fixes that have been committed to the "core" branch.
# This list is used to programmatically determine if a checkout of plat/al has
# known vulnerabilities (which is useful for automatically disabling an unused
# and unsafe checkout).
#
# In order to guarantee that only patched checkouts do have an updated SECURITY
# file, updates of this file should be done within the same sommit that actually
# fixes the security issue. Since the commit id is not known yet, it can be
# replaced by '00000000', and updated later.
#
# Format: <date> <commit id> <commit description>
# The commit id should refer to the id in the "core" branch, if the initial
# commit in a version branch had another name.

2010-10-28 a95d05a Code injection vulnerability in malformed email addresses.
2010-09-17 a86feb8 Fix an error in permission handling: all pages where accessible without admin permission.
Commit	Line	Data
4074f9a0 VZ	1	# List of security fixes that have been committed to the "core" branch.
	2	# This list is used to programmatically determine if a checkout of plat/al has
	3	# known vulnerabilities (which is useful for automatically disabling an unused
	4	# and unsafe checkout).
	5	#
	6	# In order to guarantee that only patched checkouts do have an updated SECURITY
	7	# file, updates of this file should be done within the same sommit that actually
	8	# fixes the security issue. Since the commit id is not known yet, it can be
	9	# replaced by '00000000', and updated later.
	10	#
	11	# Format: <date> <commit id> <commit description>
	12	# The commit id should refer to the id in the "core" branch, if the initial
	13	# commit in a version branch had another name.
	14
28991291	15	2010-10-28 a95d05a Code injection vulnerability in malformed email addresses.
1b54ef26	16	2010-09-17 a86feb8 Fix an error in permission handling: all pages where accessible without admin permission.