[Bug 601010] [NEW] Please sync viewvc 1.1.5-1 (universe) from Debian unstable (main).
Launchpad Bug Tracker
601010 at bugs.launchpad.net
Sat Jul 3 00:50:51 BST 2010
You have been subscribed to a public bug by Iain Lane (laney):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/viewvc
status new
importance wishlist
subscribe ubuntu-sponsors
Please sync viewvc 1.1.5-1 (universe) from Debian unstable (main).
Please sync this package as it fixes multiple CVE's
Changelog since current maverick version 1.0.9-1:
viewvc (1.1.5-1) unstable; urgency=medium
[ John Zaitseff ]
* New upstream release (closes: #532611, #575777, #575787, #576307). This
solves CVE-2010-0004, CVE-2010-0005, CVE-2010-0736 and CVE-2010-0132.
* Extensive rewrite of files in the debian directory. Updated to Debian
policy 3.8.4, updated all control files to Debhelper 7, rewrote
debian/rules for clarity (and to use Debhelper 7).
* Removed all references to Debconf, as previous versions of this
package violated Debian policy (section 10.7.3): /etc/viewvc/viewvc.conf
is a conffile, and maintainer scripts must NOT modify it at any time.
* Reorganised the installation files in /usr/lib/viewvc. The CGI
programs are now links to files in /usr/lib/viewvc/cgi-bin.
* Packaged the Apache mod-python modules for optional use (in
/usr/lib/viewvc/mod-python). See README.Debian for more information.
* Moved the static help documentation ("docroot") from /usr/share/viewvc
to /usr/share/viewvc/docroot, as per Webapps Policy, section 3.1.
* Updated the debian/patches subdirectory to remove patches no longer
relevant to ViewVC 1.1.x and to update those that still apply.
* debian/control:
- Removed the dependency on gawk, as that was only required for Debconf
configuration.
- Demoted the dependency on mime-support to "Suggests": ViewVC can use
it, if appropriately configured, but does not require it.
- Added a suggestion for the python-tk package: viewvc-standalone(1)
uses this when passed the "--gui" flag.
- Modified all dependencies as appropriate. Depend on httpd-cgi, not
httpd, since the viewvc package needs a CGI server. In addition,
python-egenix-mxdatetime is no longer needed (since ViewVC 1.0.x).
- Updated the XS-Python-Version field to "all" (Closes: #570573).
- ViewVC 1.1.x supports only python-pygments as a syntax highlighter,
not enscript. Adjusted dependencies as appropriate.
[ David MartÃnez Moreno ]
* Changed history and added the CVE entry to the changelog for 1.0.9-1.
* debian/control:
- Moved Section to vcs in order to match the overrides.
- Make python-dev dependency just python.
- Removed dummy package viewcvs, it was already dummy in lenny.
* debian/viewcvs.*: Removed.
* debian/NEWS: Fixed version in John's entry and removed old news from 0.9.4.
* debian/README.source: Added.
* The new release also addresses in a different way how to show long
annotation messages (closes: #434301).
* Added debian/patches/92-no_strings_in_raise for fixing a couple of
occurrences of string exceptions in the code, no longer valid in Python
2.6, the default now (closes: #585366).
-- David MartÃnez Moreno <ender at debian.org> Fri, 02 Jul 2010 02:24:34
+0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwt3UQACgkQUlfC4uPMy3TnvQCgiWDixs26n2zyEn5RZsf0K+CG
i+sAoLyRgXyVR1I7EIGLtX/2nMIaDPAw
=XBvj
-----END PGP SIGNATURE-----
** Affects: viewvc (Ubuntu)
Importance: Wishlist
Status: Confirmed
--
Please sync viewvc 1.1.5-1 (universe) from Debian unstable (main).
https://bugs.edge.launchpad.net/bugs/601010
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list