Changelog: Difference between revisions

From Ameise-en
Jump to navigationJump to search
No edit summary
No edit summary
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Client ==
== AMEISE System ==


 
=== Version 5.0 ===
 
* released March 21, 2015
=== Version 3.4 ===
* released 2007-02-15
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
|-
| style="padding-left:1em"|
''BUGs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|-
|-
| style="padding-left:1em"|
| style="padding-left:1em"|
Line 23: Line 9:
|-
|-
| style="padding-left:2em"|
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* New REQ-C14-01, Client interface supports multiple selection of arguments (Santina)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* New REQ-C14-02, AORTA toolkit and Client support password encryption (Dano)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* New REQ-S14-01, Development environment moved to git (Dano)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|}
 
 
=== Version 3.3 ===
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
|-
|-
| style="padding-left:1em"|
| style="padding-left:1em"|
Line 40: Line 17:
|-
|-
| style="padding-left:2em"|
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed CR-C14-01, System crashes due to too many parallel requests (Dano)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed CR-C14-02, Performance problems with MySQL database (Bollin)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|-
| style="padding-left:1em"|
''NEW FEATUREs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|}
|}




=== Version 3.2 ===
=== Version 3.4 ===
* released May 15, 2007
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
|-
| style="padding-left:1em"|
''BUGs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|-
|-
| style="padding-left:1em"|
| style="padding-left:1em"|
Line 81: Line 30:
|-
|-
| style="padding-left:2em"|
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* New REQ-S07-01, Adding a new command (show me all activities) (Bollin)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* New REQ-C07-03, Removing the friendly peer component due to resource problems (Pohl)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* New REQ-C07-04, Advisor gives context-sensitive feedback (Pohl, Kury)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|}
 
 
=== Version 3.1 ===
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
|-
| style="padding-left:1em"|
''BUGs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|-
| style="padding-left:1em"|
''NEW FEATUREs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|}
 
 
=== Version 3.0 ===
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
|-
| style="padding-left:1em"|
''BUGs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|-
| style="padding-left:1em"|
''NEW FEATUREs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|}
 
 
 
== Server ==
 
=== Version 3.4 ===
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
|-
|-
| style="padding-left:1em"|
| style="padding-left:1em"|
Line 159: Line 38:
|-
|-
| style="padding-left:2em"|
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed CR-C07-01, Client timeouts during a simulation run due to database deadlocks (Pohl)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed CR-C07-02, Incorrect synchronisation of the supervisor components (Pohl)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed CR-C06-13, Special characters in the command selection list (Bollin)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed CR-C06-02, Old database initialization scripts (Pohl)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|-
| style="padding-left:1em"|
''NEW FEATUREs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|}
|}




=== Version 3.3 ===
=== Version 3.3 ===
* released Dec. 15, 2006
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
|-
| style="padding-left:1em"|
''BUGs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|-
|-
| style="padding-left:1em"|
| style="padding-left:1em"|
Line 200: Line 53:
|-
|-
| style="padding-left:2em"|
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* New REQ-C06-05, The feedback of the simulator is formatted as html text(Pohl)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* New REQ-C06-06, Line breaks are added for a better reading of texts by users (Pohl)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* New REQ-S06-06, Changing the model to cover the whole academic year 2007 (Bollin)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|}
 
 
=== Version 3.2 ===
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
|-
|-
| style="padding-left:1em"|
| style="padding-left:1em"|
Line 217: Line 61:
|-
|-
| style="padding-left:2em"|
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed CR-C06-04, AORTA handout merged different simulation runs in several graphs (Pohl)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed CR-C06-03, Simulation core crash due to a SESAM bug (Bollin)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|-
| style="padding-left:1em"|
''NEW FEATUREs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|}
|}


=== Version 3.1 ===
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
|-
| style="padding-left:1em"|
''BUGs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|-
| style="padding-left:1em"|
''NEW FEATUREs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|}
=== Version 3.0 ===
{| style="width:100%;border:0px solid green;padding:0em; color: black;"
|-
| style="padding-left:1em"|
''BUGs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|-
| style="padding-left:1em"|
''NEW FEATUREs''
|-
| style="padding-left:2em"|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
* Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
|}




[[de:Changelog]]
[[de:Changelog]]
[[en:Changelog]]
[[en:Changelog]]
__NOTOC__
__NOEDITSECTION__
__NOEDITSECTION__

Latest revision as of 07:39, 15 May 2015

AMEISE System

Version 5.0

  • released March 21, 2015

NEW FEATUREs

  • New REQ-C14-01, Client interface supports multiple selection of arguments (Santina)
  • New REQ-C14-02, AORTA toolkit and Client support password encryption (Dano)
  • New REQ-S14-01, Development environment moved to git (Dano)

BUGs

  • Fixed CR-C14-01, System crashes due to too many parallel requests (Dano)
  • Fixed CR-C14-02, Performance problems with MySQL database (Bollin)


Version 3.4

  • released May 15, 2007

NEW FEATUREs

  • New REQ-S07-01, Adding a new command (show me all activities) (Bollin)
  • New REQ-C07-03, Removing the friendly peer component due to resource problems (Pohl)
  • New REQ-C07-04, Advisor gives context-sensitive feedback (Pohl, Kury)

BUGs

  • Fixed CR-C07-01, Client timeouts during a simulation run due to database deadlocks (Pohl)
  • Fixed CR-C07-02, Incorrect synchronisation of the supervisor components (Pohl)
  • Fixed CR-C06-13, Special characters in the command selection list (Bollin)
  • Fixed CR-C06-02, Old database initialization scripts (Pohl)


Version 3.3

  • released Dec. 15, 2006

NEW FEATUREs

  • New REQ-C06-05, The feedback of the simulator is formatted as html text(Pohl)
  • New REQ-C06-06, Line breaks are added for a better reading of texts by users (Pohl)
  • New REQ-S06-06, Changing the model to cover the whole academic year 2007 (Bollin)

BUGs

  • Fixed CR-C06-04, AORTA handout merged different simulation runs in several graphs (Pohl)
  • Fixed CR-C06-03, Simulation core crash due to a SESAM bug (Bollin)