[phpBB] svn: r181 - trunk/phpbb2

jeroen at wolffelaar.nl jeroen at wolffelaar.nl
Wed Mar 2 01:27:01 CET 2005


Author: jeroen
Date: 2005-03-02 01:23:49 +0100 (Wed, 02 Mar 2005)
New Revision: 181

Modified:
   trunk/phpbb2/apache.conf
   trunk/phpbb2/changelog
Log:
* Fix a bug in the default apache config listing the Alias directives in the
  wrong order. Due to the symlink, on default install this was no problem.
  Thanks Jari Aalto (Closes: #296465)


Modified: trunk/phpbb2/apache.conf
===================================================================
--- trunk/phpbb2/apache.conf	2005-03-02 00:14:43 UTC (rev 180)
+++ trunk/phpbb2/apache.conf	2005-03-02 00:23:49 UTC (rev 181)
@@ -1,5 +1,6 @@
+# Note: order matters
+Alias /phpbb/images/avatars /var/lib/phpbb2/avatars
 Alias /phpbb /usr/share/phpbb2/site
-Alias /phpbb/images/avatars /var/lib/phpbb2/avatars
 
 <DirectoryMatch /usr/share/phpbb2/site/>
 	<IfModule mod_php4.c>
@@ -31,6 +32,6 @@
 #	DocumentRoot /usr/share/phpbb2/site
 #  	# You may need to workaround the global /images/ alias in your apache
 #  	# configuration, your mileage may vary
+#  	Alias /images/avatars /var/lib/phpbb2/avatars
 #  	Alias /images /usr/share/phpbb2/site/images
-#  	Alias /images/avatars /var/lib/phpbb2/avatars
 #</VirtualHost>

Modified: trunk/phpbb2/changelog
===================================================================
--- trunk/phpbb2/changelog	2005-03-02 00:14:43 UTC (rev 180)
+++ trunk/phpbb2/changelog	2005-03-02 00:23:49 UTC (rev 181)
@@ -1,6 +1,10 @@
 phpbb2 (2.0.13-1) unstable; urgency=high
 
-  * New upstream release, closing critical security hole
+  * New upstream release, closing critical security hole allowing anyone to
+    become board admin
+  * Fix a bug in the default apache config listing the Alias directives in the
+    wrong order. Due to the symlink, on default install this was no problem.
+    Thanks Jari Aalto (Closes: #296465)
 
  -- Jeroen van Wolffelaar <jeroen at wolffelaar.nl>  Wed, 02 Mar 2005 00:56:01 +0100
 





More information about the phpBB-l mailing list