- Committer: Bazaar Package Importer
- Author(s): Raphael Bossek
- Date: 2010-11-15 10:09:20 UTC
- mfrom: (1.3.2 upstream)
- Revision ID: james.westby@ubuntu.com-20101115100920-o44coxhud8c7j15m
Tags: 3.6.3.0-1
* New upstream release. Closes: #602420
* Fixed vulnerability CVE-2010-3172:
By inserting a certain string into a URL, it was possible
to inject both headers and content to any browser that
supported "Server Push" (mostly only Gecko-based browsers
like Firefox). This could lead to Cross-Site Scripting
vulnerabilities, and possibly other more dangerous security
issues as well.
* Fixed vulnerability CVE-2010-3764:
The Old Charts system generated graphs with
predictable names into the "graphs/" directory,
which also could be browsed to see its contents.
This allowed unauthorized users to see product
names and charted information about those
products over time.
* Fixed references to YUI components used by language templates.
* Fixed missing images.
* Suppress error messages at installation stage.