On Thu, Mar 28, 2013 at 10:13 AM, A.L.E.C alec@alec.pl wrote:
On 03/28/2013 09:54 AM, Vladislav Bogdanov wrote:
Patch for 0.6: http://ow.ly/jtQNd
Are previous versions affected?
Looking at my 0.4 installation, save_prefs is implemented absolutely differently, there are lists of prefs for each section, and they are cherry-picked from a what client sends.
0.4 is vulnerable too, you're looking in a wrong place. The issue is in steps/utils/save_pref.inc. We don't support such very old releases.
True, but nevertheless, the 0.6 patches should work for older versions, too.
~Thomas