Urgent: exact patch to "[20151201] Remote Code Executable"?

A place to discuss recent announcements made by the Joomla! Core Team. Let's hear what you have to say.
Locked
yann180
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Dec 14, 2015 6:23 pm

Urgent: exact patch to "[20151201] Remote Code Executable"?

Post by yann180 » Mon Dec 14, 2015 6:26 pm

Hello,

I have an older 1.5.22 that has been modified fairly extensively, so now I'm stuck and I can't easily upgrade. Can someone point me to the software commit (the patch, the changes) that fixed only this critical vulnerability? I'm a software developer, I can apply the patch by myself once I find it. The 3.4.6 patch contains a lot more stuff, so I'd really like to find the commit that fixes this particular issue, rather than a version patch with multiple issues.

Thanks for your help!

Yan

(talking about this issue: https://developer.joomla.org/security-c ... ility.html )

mbabker
Joomla! Hero
Joomla! Hero
Posts: 2176
Joined: Sun Feb 28, 2010 8:26 pm

Re: Urgent: exact patch to "[20151201] Remote Code Executab

Post by mbabker » Mon Dec 14, 2015 6:46 pm

All security fixes are always applied as a single commit when preparing a release. In the case of 1.5, there is a separate patch available as listed in the release announcement at https://www.joomla.org/announcements/re ... eased.html
So long and thanks for all the fish.

Manually updating Joomla? See https://gist.github.com/mbabker/d7bfb4e ... 3607f89281

yann180
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Dec 14, 2015 6:23 pm

Re: Urgent: exact patch to "[20151201] Remote Code Executab

Post by yann180 » Mon Dec 14, 2015 7:34 pm

Thanks a lot, got it. Appreciated.

Yan

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19018
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Urgent: exact patch to "[20151201] Remote Code Executab

Post by leolam » Wed Feb 24, 2016 2:57 pm

yann180 wrote: I'm a software developer,
You should know thn tht you always need to make sure that you are on latest version and in the (So many years EoL) J1.5-branch you should immediately update to latest 1.5.26 and very rapidly migrate to Joomla 3.4.8

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
Member Joomla Bug Squad & Joomla CMS Release Team


Locked

Return to “Announcements Discussions”