[koha-commits] main Koha release repository branch master updated. v16.11.00-346-g8924439

Git repo owner gitmaster at git.koha-community.org
Mon Jan 30 15:56:56 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  8924439054fec94acabef6045f21369117e528f0 (commit)
      from  93cc0956a923e94663ae74d1f435604844536571 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8924439054fec94acabef6045f21369117e528f0
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Jan 10 18:06:51 2017 +0100

    Bug 17902: Fix possible SQL injection in serials editing
    
    /cgi-bin/koha/serials/serials-edit.pl?serstatus=*/+,2,3,'2016-12-12','2016-12-12',6,'jjj7','jjj8'%20--%20-&subscriptionid=1+and+1%3d2+Union+all+select+111+/*
    
    The SQL query is not constructed correctly, placeholders must be used.
    Subscription id and status list can be provided by the user.
    
    This vulnerability has been reported by MDSec.
    
    Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Serials.pm |   13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
main Koha release repository
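
The fix the commit message describes (placeholders for the subscription id and the status list), sketched as an added example that is not Koha's code and not part of this commit. The helper name, the table layout and the in-memory SQLite database (requires DBD::SQLite) are assumptions made so that it runs stand-alone.

```perl
use strict;
use warnings;
use DBI;

# Constructed in-memory table standing in for the serials data (assumed schema).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE serial (serialid INTEGER, subscriptionid INTEGER, status INTEGER)');
$dbh->do('INSERT INTO serial VALUES (?, ?, ?)', undef, @$_)
    for [1, 1, 2], [2, 1, 3], [3, 2, 2];

# Hypothetical helper: every user-supplied value travels as a bind parameter.
# The only text interpolated into the SQL is a run of "?" whose length depends
# on how many status values were given, never on what they contain.
sub get_serials_by_status {
    my ($dbh, $subscriptionid, $status_list) = @_;
    my @statuses = grep { length } split /,/, $status_list // '';
    return [] unless @statuses;    # "IN ()" is not valid SQL
    my $in  = join ',', ('?') x @statuses;
    my $sql = "SELECT serialid FROM serial
               WHERE subscriptionid = ? AND status IN ($in)
               ORDER BY serialid";
    return $dbh->selectcol_arrayref($sql, undef, $subscriptionid, @statuses);
}

# Well-formed request: subscription 1, statuses 2 and 3.
my $ok = get_serials_by_status($dbh, '1', '2,3');
print "normal request:    serialids @$ok\n";

# Constructed malformed input: SQL fragments arrive as plain values. The
# statement text is the same as for the call above, and in this SQLite demo
# the values simply fail to match any row.
my $bad = get_serials_by_status($dbh, '1 OR 1=1', '2) OR (1=1');
print "malformed request: ", scalar(@$bad), " rows\n";
```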

