-
Committer:
Julian Ladisch
-
Date:
2015-10-16 10:14:29 UTC
-
mfrom:
(76.1.5 wheezy)
-
Revision ID:
launchpad.net-hpe@ladisch.de-20151016101429-fu6nb3fjzub09mvl
* Fix security issues:
- CVE-2014-1879: Self-XSS due to unescaped HTML output in import.
LP: #1441590
- CVE-2013-5003: SQL injection vulnerabilities (control user) (3.4.x is not affected).
- CVE-2013-5002: Self-XSS due in schema export (3.4.x is not affected).
- CVE-2013-4996: XSS in Logo Link and Trusted Proxy List (3.4.x is not affected).
- CVE-2013-4995: XSS in HTML Output when executing a SQL query (3.4.x is not affected).
* Fix security issue:
- CVE-2013-3239: Locally Saved SQL Dump File Multiple File Extension
Remote Code Execution (3.4.x is not affected).
* New upstream security release.
- CVE-2012-4345, CVE-2012-4579: Multiple XSS in Table operations,
Database structure, Trigger and Visualize GIS data pages.
LP: #1441587
* New upstream release.
* Add alternative dependency to php5-mysqlnd (closes: #665812).
* New upstream release.
- CVE-2012-1902: Path disclosure due to missing verification of file presence.
LP: #1441568
* Checked for policy 3.9.3, no changes.