Urgent: exact patch to "[20151201] Remote Code Executable"?

A place to discuss recent announcements made by the Joomla! Core Team. Let's hear what you have to say.
yann180
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Dec 14, 2015 6:23 pm

Urgent: exact patch to "[20151201] Remote Code Executable"?

Postby yann180 » Mon Dec 14, 2015 6:26 pm

Hello,

I have an older 1.5.22 that has been modified fairly extensively, so now I'm stuck and I can't easily upgrade. Can someone point me to the software commit (the patch, the changes) that fixed only this critical vulnerability? I'm a software developer, I can apply the patch by myself once I find it. The 3.4.6 patch contains a lot more stuff, so I'd really like to find the commit that fixes this particular issue, rather than a version patch with multiple issues.

Thanks for your help!

Yan

(talking about this issue: https://developer.joomla.org/security-c ... ility.html )

User avatar
mbabker
Joomla! Hero
Joomla! Hero
Posts: 2027
Joined: Sun Feb 28, 2010 8:26 pm
Location: White Bear Lake, MN, USA
Contact:

Re: Urgent: exact patch to "[20151201] Remote Code Executab

Postby mbabker » Mon Dec 14, 2015 6:46 pm

All security fixes are always applied as a single commit when preparing a release. In the case of 1.5, there is a separate patch available as listed in the release announcement at https://www.joomla.org/announcements/re ... eased.html
Production Department Coordinator, Release Lead, CMS Maintainer, Framework Maintainer, Security Team Member, .org System Administrator

Manually updating Joomla? See https://gist.github.com/mbabker/d7bfb4e1e2fbc6b7815a733607f89281

yann180
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Dec 14, 2015 6:23 pm

Re: Urgent: exact patch to "[20151201] Remote Code Executab

Postby yann180 » Mon Dec 14, 2015 7:34 pm

Thanks a lot, got it. Appreciated.

Yan

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 18472
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Urgent: exact patch to "[20151201] Remote Code Executab

Postby leolam » Wed Feb 24, 2016 2:57 pm

yann180 wrote: I'm a software developer,
You should know thn tht you always need to make sure that you are on latest version and in the (So many years EoL) J1.5-branch you should immediately update to latest 1.5.26 and very rapidly migrate to Joomla 3.4.8

Leo 8)
Celebrating 12-Years of Professional Joomla Support Services
- Joomla Professional Support:https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Member Joomla Bug Squad & J-CMS Release Team


Return to “Announcements Discussions”

Who is online

Users browsing this forum: No registered users and 4 guests