=====================================================================

                           CERT-Renater

               Note d'Information No. 2013/VULN478
_____________________________________________________________________

DATE                : 23/10/2013

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running GuppY version prior to 4.6.28.

======================================================================
http://www.freeguppy.org/thread.php?lng=en&pg=244900&cat=200
______________________________________________________________________

GuppY - Security Patch 4.6.28

We are pleased to come up with patch 4.6.28 which features :

- Correction of two code embedding security XSS flaws. ( thanks you
Saxbar, jchouix, JeanMi )

- Correction of a squeak in mktime in agenda ( thanks you Saxbar )


Many thanks to High-Tech Bridge Security Research Lab for very kind
notice.


Beware! All GuppY versions are concerned, no exception.

You REALLY MUST INSTALL AT ONCE this correction patch to keep up with
security on your site.


As with each new version, please do not forget to update your plugins,
reinstall your forks, and revalidate your configuration pages.

To move up from the 4.6.26, 4.6.27, 4.6.27-1 to 4.6.28 version, you
must use this patch_nc_4628.


Thank you for your understanding and we apologize for these errors.

Thank you to all participants in this patch.

The GuppY Team

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================