[ubuntu/natty] dtc 0.32.10-1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Fri Mar 11 16:55:55 UTC 2011


dtc (0.32.10-1) unstable; urgency=low

  * Re-releasing, because version 0.32.9 had a buggy bw_per_month.php (it was
    never displayed).

dtc (0.32.9-1) unstable; urgency=low

  * Fixes: CVE-2011-0434: SQL injection in bw_per_month.php graph
  * Fixes: CVE-2011-0435: Bandwidth information disclosure in bw_per_month.php
    graph.
  * Fixes: CVE-2011-0436: Passwords being emailed to the admin in clear text
    (Closes: #614302).
  * Fixes: CVE-2011-0437: Removed dangerous SQL old unused code for ssh
    accounts management.

dtc (0.32.8-1) unstable; urgency=low

  * Removed the user_cronjob that shouldn't have been there at all.

dtc (0.32.7-1) unstable; urgency=low

  * Removed all addslashes() calls for the graphs, replaced it with some double
    quotes, so that l12n is working as expected (unbreaks graphs of 0.32.6).

dtc (0.32.6-1) unstable; urgency=low

  * New upstream version fixing the following:
  - Fixed the HELO in the daemon status so that it doesn't fail in CentOS.
  - Fixed l12n of graphs using single quotes.
  - Switched some add_slashes to mysql_real_escape_string.

Date: Fri,  11 Mar 2011 16:55:12 +0000
Changed-By: Thomas Goirand <thomas at goirand.fr>
Maintainer: Thomas Goirand <zigo at debian.org>
Origin: Debian/unstable
https://launchpad.net/ubuntu/natty/+source/dtc/0.32.10-1
-------------- next part --------------
Origin: Debian/unstable
Format: 1.7
Date: Fri,  11 Mar 2011 16:55:12 +0000
Source: dtc
Binary: dtc-common, dtc-dos-firewall, dtc-postfix-dovecot, dtc-core, dtc-cyrus, dtc-postfix-courier, dtc-stats-daemon, dtc-toaster, dtc-autodeploy
Architecture: source
Version: 0.32.10-1
Distribution: natty
Urgency: low
Maintainer: Thomas Goirand <zigo at debian.org>
Changed-By: Thomas Goirand <thomas at goirand.fr>
Closes: 614302
Files:
 70f854b3fe7c6ccad3fd48fe72f5b210 12111999 admin extra dtc_0.32.10.orig.tar.gz
 61c74e40fd53a439be1413f7a40239ab 98958 admin extra dtc_0.32.10-1.diff.gz
 067c2f35d6085cbcde2431477bed8f5d 1253 admin extra dtc_0.32.10-1.dsc
Changes:
 dtc (0.32.10-1) unstable; urgency=low
 .
   * Re-releasing, because version 0.32.9 had a buggy bw_per_month.php (it was
     never displayed).
 .
 dtc (0.32.9-1) unstable; urgency=low
 .
   * Fixes: CVE-2011-0434: SQL injection in bw_per_month.php graph
   * Fixes: CVE-2011-0435: Bandwidth information disclosure in bw_per_month.php
     graph.
   * Fixes: CVE-2011-0436: Passwords being emailed to the admin in clear text
     (Closes: #614302).
   * Fixes: CVE-2011-0437: Removed dangerous SQL old unused code for ssh
     accounts management.
 .
 dtc (0.32.8-1) unstable; urgency=low
 .
   * Removed the user_cronjob that shouldn't have been there at all.
 .
 dtc (0.32.7-1) unstable; urgency=low
 .
   * Removed all addslashes() calls for the graphs, replaced it with some double
     quotes, so that l12n is working as expected (unbreaks graphs of 0.32.6).
 .
 dtc (0.32.6-1) unstable; urgency=low
 .
   * New upstream version fixing the following:
   - Fixed the HELO in the daemon status so that it doesn't fail in CentOS.
   - Fixed l12n of graphs using single quotes.
   - Switched some add_slashes to mysql_real_escape_string.



More information about the Natty-changes mailing list