Package: serendipity
Version: 1.3.1-1
Severity: important

Hi,

Using serendipity with PostgreSQL 8.3.3-1 and php5-pgsql 5.2.6-3 gives 
me the following errors: 

Sep 19 18:05:34 zbasel postgres[19689]: [5-1] ERROR:  duplicate key value violates unique constraint "s9y_referrers_pkey"
Sep 19 18:05:34 zbasel postgres[19689]: [5-2] STATEMENT:  INSERT INTO s9y_referrers
Sep 19 18:05:34 zbasel postgres[19689]: [5-3] ^I                    (entry_id, day, count, scheme, host, port, path, query)
Sep 19 18:05:34 zbasel postgres[19689]: [5-4] ^I             VALUES (0, '2008-09-19', 1, 'http', 'fortytwo.ch', '', '/blog/', '')

Sep 20 16:28:10 zbasel postgres[28007]: [5-1] ERROR:  operator does not exist: character varying < integer at character 172
Sep 20 16:28:10 zbasel postgres[28007]: [5-3] STATEMENT:  DELETE FROM s9y_options
Sep 20 16:28:10 zbasel postgres[28007]: [5-4] ^I                                WHERE okey = 'l_e96c5125b1c79e1471e76a22ecd2602c'
Sep 20 16:28:10 zbasel postgres[28007]: [5-5] ^I                                   OR (okey LIKE 'l_%' AND name < 1220106489)

I consider such SQL errors to be quite serious, maybe this bug should 
even be RC? Especially since the error log doesn't show anything and 
the access log only shows perfectly normal queries:

130.136.31.122 - - [19/Sep/2008:18:05:34 +0200] "GET /archives/2-42.html HTTP/1.1" 200 4384 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071618 Iceweasel/3.0.1 (Debian-3.0.1-1)"
130.136.31.122 - - [19/Sep/2008:18:05:35 +0200] "GET /plugin/ls-js HTTP/1.1" 200 6069 "http://blog.fortytwo.ch/archives/2-42.html" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071618 Iceweasel/3.0.1 (Debian-3.0.1-1)"
130.136.31.122 - - [19/Sep/2008:18:05:35 +0200] "GET /serendipity.css HTTP/1.1" 200 6484 "http://blog.fortytwo.ch/archives/2-42.html" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071618 Iceweasel/3.0.1 (Debian-3.0.1-1)
130.136.31.122 - - [19/Sep/2008:18:05:35 +0200] "GET /index.php?/plugin/livecomment.js HTTP/1.1" 200 5000 "http://blog.fortytwo.ch/archives/2-42.html" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071618 Iceweasel/3.0.1
130.136.31.122 - - [19/Sep/2008:18:05:35 +0200] "GET /templates/default/img/forward.png HTTP/1.1" 200 477 "http://blog.fortytwo.ch/archives/2-42.html" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071618 Iceweasel/3.0.1

81.221.167.181 - - [20/Sep/2008:16:28:09 +0200] "GET / HTTP/1.1" 200 4068 "-" "Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.9 (like Gecko) (Debian)"
81.221.167.181 - - [20/Sep/2008:16:28:12 +0200] "GET /plugin/ls-js HTTP/1.1" 200 6069 "http://blog.fortytwo.ch/" "Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.9 (like Gecko) (Debian)"
81.221.167.181 - - [20/Sep/2008:16:28:12 +0200] "GET /serendipity.css HTTP/1.1" 200 6484 "http://blog.fortytwo.ch/" "Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.9 (like Gecko) (Debian)"
81.221.167.181 - - [20/Sep/2008:16:28:12 +0200] "GET /index.php?/plugin/livecomment.js HTTP/1.1" 200 5000 "http://blog.fortytwo.ch/" "Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.9 (like Gecko) (Debian)"

(Disregarding of course the possibility that my box has already been 
hacked with an SQL injection and the attacker forgot to clean up those
two SQL errors but cleaned up all other logs... ;-)

cheers
-- vbi

-- 
pub  1024D/92082481 2002-02-22 Adrian von Bidder <[EMAIL PROTECTED]>
   Key fingerprint = EFE3 96F4 18F5 8D65 8494  28FC 1438 5168 9208 2481

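Added example (not part of the original report, and not Serendipity or Debian code): the report matches PostgreSQL syslog errors against web server access-log entries by timestamp, and this Python does the same matching programmatically. The function names, the one-second window, the caller-supplied year and the assumption that both logs are written in the same local time zone are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: log lines from the report above, re-joined, user-agent fields omitted.
PG_LOG = """\
Sep 19 18:05:34 zbasel postgres[19689]: [5-1] ERROR:  duplicate key value violates unique constraint "s9y_referrers_pkey"
Sep 19 18:05:34 zbasel postgres[19689]: [5-2] STATEMENT:  INSERT INTO s9y_referrers
Sep 19 18:05:34 zbasel postgres[19689]: [5-3] ^I  (entry_id, day, count, scheme, host, port, path, query)
Sep 19 18:05:34 zbasel postgres[19689]: [5-4] ^I  VALUES (0, '2008-09-19', 1, 'http', 'fortytwo.ch', '', '/blog/', '')
Sep 20 16:28:10 zbasel postgres[28007]: [5-1] ERROR:  operator does not exist: character varying < integer at character 172
Sep 20 16:28:10 zbasel postgres[28007]: [5-3] STATEMENT:  DELETE FROM s9y_options
Sep 20 16:28:10 zbasel postgres[28007]: [5-4] ^I  WHERE okey = 'l_e96c5125b1c79e1471e76a22ecd2602c'
Sep 20 16:28:10 zbasel postgres[28007]: [5-5] ^I  OR (okey LIKE 'l_%' AND name < 1220106489)
""".splitlines()
ACCESS_LOG = """\
130.136.31.122 - - [19/Sep/2008:18:05:34 +0200] "GET /archives/2-42.html HTTP/1.1" 200 4384
130.136.31.122 - - [19/Sep/2008:18:05:35 +0200] "GET /plugin/ls-js HTTP/1.1" 200 6069
81.221.167.181 - - [20/Sep/2008:16:28:09 +0200] "GET / HTTP/1.1" 200 4068
81.221.167.181 - - [20/Sep/2008:16:28:12 +0200] "GET /plugin/ls-js HTTP/1.1" 200 6069
""".splitlines()

PG = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postgres\[(\d+)\]: \[(\d+)-\d+\] (.*)$")
ACCESS = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+ \S+)')

def pg_events(lines, year):
    """Reassemble chunked syslog entries by (pid, entry number); syslog omits the year."""
    events = {}
    for m in filter(None, map(PG.match, lines)):
        stamp, pid, entry, text = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ev = events.setdefault((pid, entry), {"when": when, "pid": pid, "parts": []})
        ev["parts"].append(" ".join(text.replace("^I", " ").split()))  # ^I is an escaped tab
    return [{"when": e["when"], "pid": e["pid"], "text": " ".join(e["parts"])} for e in events.values()]

def access_hits(lines):
    """Parse client address, local time and request from combined-format access log lines."""
    # Assumption: syslog and the access log share one local zone, so the offset is dropped.
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    return [{"ip": m[1], "when": datetime.strptime(m[2], fmt).replace(tzinfo=None), "request": m[3]}
            for m in map(ACCESS.match, lines) if m]

def correlate(events, hits, window=1):
    """Pair each database error with the requests logged within `window` seconds of it."""
    delta = timedelta(seconds=window)
    return [(e, [h for h in hits if abs(h["when"] - e["when"]) <= delta]) for e in events]

if __name__ == "__main__":
    for ev, near in correlate(pg_events(PG_LOG, 2008), access_hits(ACCESS_LOG)):
        print(ev["when"], ev["text"][:70], "<-", [f'{h["ip"]} {h["request"]}' for h in near])
```

Requests that land in the window are candidates only; confirming which one issued the statement still needs the full request (including POST bodies and cookies, which the access log does not record).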