Release notes updates.

author matty%chariot.net.au <>

Fri, 4 Apr 2008 11:47:46 +0000 (11:47 +0000)

committer matty%chariot.net.au <>

Fri, 4 Apr 2008 11:47:46 +0000 (11:47 +0000)
author matty%chariot.net.au <>
Fri, 4 Apr 2008 11:47:46 +0000 (11:47 +0000)
committer matty%chariot.net.au <>
Fri, 4 Apr 2008 11:47:46 +0000 (11:47 +0000)
diff --git a/docs/en/rel_notes.txt b/docs/en/rel_notes.txt

index 9d84e6818f76261eab8e2bb35836a37f7e3a71af..366673f974b5e15e9cbf8f2ae03b987811520473 100644 (file)
--- a/docs/en/rel_notes.txt
+++ b/docs/en/rel_notes.txt
@@ -143,10 +143,6 @@ fix the problem on your installation.
  
  *** SECURITY ISSUES RESOLVED ***
  
-- The bug list sort order could take arbitrary SQL.  There
-  are no known exploits for this problem.
-  (bug 130821)
-
  - The bug reporter could set the priority even when
    'letsubmitterchoosepriority' was off.
    (bug 63018)
@@ -401,6 +397,12 @@ fix the problem on your installation.
    corrupted.
    (bug 92263)
  
+- The bug list sort order is now stricter about the SQL it will accept,
+  ensuring you use correct column name syntax.  Before this, there were
+  some syntax checks, so it is not known whether this problem was
+  exploitable.
+  (bug 130821)
+
  ********************************************
  *** USERS UPGRADING FROM 2.14 OR EARLIER ***
  ********************************************
author	matty%chariot.net.au <>
	Fri, 4 Apr 2008 11:47:46 +0000 (11:47 +0000)
committer	matty%chariot.net.au <>
	Fri, 4 Apr 2008 11:47:46 +0000 (11:47 +0000)