Accepted elog 2.6.1+r1642-1 (source)

Ubuntu Installer archive at ubuntu.com
Thu Apr 6 18:08:23 BST 2006 

Accepted:
 OK: elog_2.6.1+r1642-1.diff.gz
 OK: elog_2.6.1+r1642.orig.tar.gz
 OK: elog_2.6.1+r1642-1.dsc
     -> Component: universe Section: web

Origin: Debian/unstable
Format: 1.7
Date: Thu,  06 Apr 2006 18:00:30 +0100
Source: elog
Binary: elog
Architecture: source
Version: 2.6.1+r1642-1
Distribution: dapper
Urgency: critical
Maintainer: Recai Oktas <roktas at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 elog       - Logbook system to manage notes through a Web interface
Closes: 339958 349528
Changes: 
 elog (2.6.1+r1642-1) unstable; urgency=critical
 .
   * New upstream release grabbed from Subversion (r1642).
     + Really fix the security issue CVE-2005-4439.
   * Sigh!  Previous upload has some flaws:
     + Install elcode.js and other resoure files.  ElCode editor buttons
       should work now (thanks David Prince).
     + debian/update: Modify it to catch such sort of errors.
     + Really remove debian/watch.
     + Fix the pbuilder DEBEMAIL field which made the previous upload appear 
       as an NMU.
   * Add a Debian spesific note about the usage of password files in Elog.
   * Urgency set to critical for security fix.
 .
 elog (2.6.1+r1638-1) unstable; urgency=critical
 .
   * New upstream release grabbed from Subversion (r1638).  Fix serious 
     security bugs (thanks to Florian Weimer).  (Closes: #349528)
     + "Do not distinguish between invalid user name and invalid password
        for security reasons"
     + "Fixed infinite redirection with ?fail=1"
     + "Prohibit '..' in URLs" [CVE-2006-0347]
     + "Fixed potential buffer overflows" [CVE-2005-4439]
     + "Added IP address to log file"
   * Urgency set to critical because of the security issues.
   * Upstream code has been migrated to Subversion.  Change package naming 
     scheme so as to track Subversion releases, instead of CVS.
   * Use Subversion exports as pristine sources directly.  In the older 
     versions, we used to rely on the upstream's build script.
   * debian/postrm: Purge cleanly even no logbook has been created.  This 
     situation occurs, for example, when elog is tested with piuparts.  It's 
     because, in fact, elogd can not dynamically create logbooks/demo in 
     postinst stage.  (Closes: #339958)
   * debian/control: Bump Standarts-Version to 3.6.2.
   * debian/rules: Add -lutil to LIBS.
   * debian/update: New utility for easy updates. 
   * debian/watch: Remove unneeded file.
Files: 
 221d92cd83f1e06b9c79c03e720e9ead 12227 web optional elog_2.6.1+r1642-1.diff.gz
 4bd411a9afc7be23a567335641a6c4a3 643347 web optional elog_2.6.1+r1642.orig.tar.gz
 40cc2fe6dc28274d35d48ab3a3300254 569 web optional elog_2.6.1+r1642-1.dsc

More information about the dapper-changes mailing list