Print Page - Security leak (sep 10th 2014), where is patch?

Title: Security leak (sep 10th 2014), where is patch?
Post by: emel on September 11, 2014, 11:47:57 AM

hi team

regarding this alarming post:
http://blog.sucuri.net/2014/09/security-advisory-virtuemart-for-joomla.html

is there an update (patch) available. or is your latest 26.10 enough to stop the leak?

i read 26.10C is the version to install, but can't figure out if that's on your download section.

thx

Title: Re: Security leak (sep 10th 2014), where is patch?
Post by: jenkinhill on September 11, 2014, 12:04:36 PM

Securi don't show the right version number. It's 2.6.10 from http://dev.virtuemart.net/projects/virtuemart/files that should be used. Test all updates on a backup copy of the site first.

Title: Re: Security leak (sep 10th 2014), where is patch?
Post by: manosthx on September 11, 2014, 15:16:10 PM

Can you give as a patch for this fix ? Or can you give as the file that you have change ? it is difficult to update the virtuemart to 20 sites ASAP!

Title: Re: Security leak (sep 10th 2014), where is patch?
Post by: jenkinhill on September 12, 2014, 12:13:46 PM

The quick fix can now be shown, see http://virtuemart.net/news/latest-news/462-security-release-of-vm2-6-10-and-vm2-9-9b

VirtueMart Forum

VirtueMart 2 + 3 + 4 => Installation, Migration & Upgrade => Topic started by: emel on September 11, 2014, 11:47:57 AM