Accepted elog 2.6.1+r1642-1 (source)
Ubuntu Installer
archive at ubuntu.com
Thu Apr 6 18:08:23 BST 2006
Accepted:
OK: elog_2.6.1+r1642-1.diff.gz
OK: elog_2.6.1+r1642.orig.tar.gz
OK: elog_2.6.1+r1642-1.dsc
-> Component: universe Section: web
Origin: Debian/unstable
Format: 1.7
Date: Thu, 06 Apr 2006 18:00:30 +0100
Source: elog
Binary: elog
Architecture: source
Version: 2.6.1+r1642-1
Distribution: dapper
Urgency: critical
Maintainer: Recai Oktas <roktas at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
elog - Logbook system to manage notes through a Web interface
Closes: 339958 349528
Changes:
elog (2.6.1+r1642-1) unstable; urgency=critical
.
* New upstream release grabbed from Subversion (r1642).
+ Really fix the security issue CVE-2005-4439.
* Sigh! Previous upload has some flaws:
+ Install elcode.js and other resource files. ElCode editor buttons
should work now (thanks David Prince).
+ debian/update: Modify it to catch such sort of errors.
+ Really remove debian/watch.
+ Fix the pbuilder DEBEMAIL field which made the previous upload appear
as an NMU.
* Add a Debian specific note about the usage of password files in Elog.
* Urgency set to critical for security fix.
.
elog (2.6.1+r1638-1) unstable; urgency=critical
.
* New upstream release grabbed from Subversion (r1638). Fix serious
security bugs (thanks to Florian Weimer). (Closes: #349528)
+ "Do not distinguish between invalid user name and invalid password
for security reasons"
+ "Fixed infinite redirection with ?fail=1"
+ "Prohibit '..' in URLs" [CVE-2006-0347]
+ "Fixed potential buffer overflows" [CVE-2005-4439]
+ "Added IP address to log file"
* Urgency set to critical because of the security issues.
* Upstream code has been migrated to Subversion. Change package naming
scheme so as to track Subversion releases, instead of CVS.
* Use Subversion exports as pristine sources directly. In the older
versions, we used to rely on the upstream's build script.
* debian/postrm: Purge cleanly even if no logbook has been created. This
situation occurs, for example, when elog is tested with piuparts. It's
because, in fact, elogd can not dynamically create logbooks/demo in
postinst stage. (Closes: #339958)
* debian/control: Bump Standards-Version to 3.6.2.
* debian/rules: Add -lutil to LIBS.
* debian/update: New utility for easy updates.
* debian/watch: Remove unneeded file.
Files:
221d92cd83f1e06b9c79c03e720e9ead 12227 web optional elog_2.6.1+r1642-1.diff.gz
4bd411a9afc7be23a567335641a6c4a3 643347 web optional elog_2.6.1+r1642.orig.tar.gz
40cc2fe6dc28274d35d48ab3a3300254 569 web optional elog_2.6.1+r1642-1.dsc