Important security update for DTC panel


There was one SQL injection and some more small bugs in DTC that needed immediate attention. I’m kinda happy because these finally pushed a more current version of DTC into Debian. The upgrade would have gone flawlessly, but suddenly I couldn’t use the admin login anymore. Turns out I still had a password popup open in a different browser tab, which meant I didn’t get one in the tab I was in.

I was just getting afraid there would be an issue in mod_security, but no, it’s doing its job like a champ!

More info / advisory at:

http://www.gplhost.sg/lists/dtcdev/msg02168.html

Err… update:

Another update of DTC in GPLHost repository will be made to fix the
issue (probably version 0.32.11), but I do not plan to fix the Lenny
version for a so tiny issue (without much consequences) that is easily
fixable by hand.

I was thinking “What the fuck, they’re not fixing it?” for 30 minutes until I understood: the stats will be broken unless the patch is applied. Reverse check: the security issue is gone if your stats are gone, too.
