[koha-commits] main Koha release repository branch 3.22.x updated. v3.22.15-15-gff4bfb7

Git repo owner gitmaster at git.koha-community.org
Tue Jan 31 09:39:41 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.22.x has been updated
       via  ff4bfb7644cfa4c9d7171c09850707cdd5f61c2d (commit)
       via  00ab72b2f65f6973d3033454db6806502ba53f60 (commit)
      from  392b65534d5bac0da6882eb9bbf8aa3829d0ee2a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ff4bfb7644cfa4c9d7171c09850707cdd5f61c2d
Author: Katrin Fischer <katrin.fischer.83 at web.de>
Date:   Mon Jan 30 16:47:23 2017 +0100

    Bug 17902: Follow-up fixing SQL statement
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    (cherry picked from commit 40cb8e3b7579987d0d461e8da6e350228722727c)
    Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
    (cherry picked from commit dea3bc855d011b47541ed664566940c08ca52ceb)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

commit 00ab72b2f65f6973d3033454db6806502ba53f60
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Jan 10 18:06:51 2017 +0100

    Bug 17902: Fix possible SQL injection in serials editing
    
    /cgi-bin/koha/serials/serials-edit.pl?serstatus=*/+,2,3,'2016-12-12','2016-12-12',6,'jjj7','jjj8'%20--%20-&subscriptionid=1+and+1%3d2+Union+all+select+111+/*
    
    The SQL query is not constructed correctly, placeholders must be used.
    Subscription id and status list can be provided by the user.
    
    This vulnerability has been reported by MDSec.
    
    Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    (cherry picked from commit f42dbd67d1b960906fd2b98560e7e3724452bce9)
    Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
    (cherry picked from commit 14e2c2e5f70dc24a0621545aac8a1f8c568331d3)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Serials.pm |   13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
main Koha release repository
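
An added example (not Koha's code and not the patch from this commit) of the placeholder approach the Bug 17902 commit message calls for, covering both a scalar id and a variable-length status list. The table, the helper `serials_by_status` and the sample values are constructed for illustration, and the script assumes DBI with DBD::SQLite for an in-memory database.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed in-memory table; the real Koha schema and query are not shown here.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE serial (serialid INTEGER PRIMARY KEY,
                               subscriptionid INTEGER, status INTEGER)');
$dbh->do('INSERT INTO serial (subscriptionid, status) VALUES (?, ?)', undef, @$_)
    for [1, 1], [1, 2], [1, 5], [2, 2];

# Hypothetical helper: serials of one subscription, restricted to a status list.
sub serials_by_status {
    my ($dbh, $subscriptionid, @statuses) = @_;
    return [] unless @statuses;    # "IN ()" is a syntax error, so return early

    # One "?" per list element: only the NUMBER of markers depends on the
    # input, never the input text itself.
    my $markers = join ',', ('?') x @statuses;
    my $sql = "SELECT serialid FROM serial
               WHERE subscriptionid = ? AND status IN ($markers)
               ORDER BY serialid";

    # All user-supplied values travel as bind parameters.
    return $dbh->selectcol_arrayref($sql, undef, $subscriptionid, @statuses);
}

# A comma-separated status list, as a request parameter might deliver it.
my @statuses = split /,/, '2,5';
my $ok = serials_by_status($dbh, 1, @statuses);
print "legitimate request: serialids @$ok\n";

# Constructed hostile values: each is bound as one data value and compared
# as a whole, so the SQL text that reaches the database is unchanged.
my $bad = serials_by_status($dbh, '1 OR 1=1', '2) OR (1=1');
print "hostile request: ", scalar(@$bad), " row(s)\n";
```

Binding keeps the statement text fixed, but how a non-numeric string compares against an integer column depends on the database's type coercion, so checking that ids and statuses are integers before the query is still worthwhile.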

