Committer: Bazaar Package Importer
Author(s): Daniel T Chen
Date: 2006-06-09 22:21:34 UTC
Revision ID: james.westby@ubuntu.com-20060609222134-sdqnl3z5bws1knge
Tags: 1.5.3+20060108-1ubuntu1.1

* [SECURITY] Fix multiple XSS and SQL injection vulnerabilities:
  - Due to a failure to properly sanitise user input, there's a
    PostgreSQL SQL injection vulnerability in
    lib/adodb/drivers/adodb-postgres64.inc.php as described in
    CVE-2006-0410. Patch applied from Debian #360395.
  - The embedded version of lib/adodb/adodb-pager.inc.php is
    susceptible to XSS as described in CVE-2006-0806. Patch applied
    from Debian #360396.
* References:
  http://bugs.debian.org/360395, CVE-2006-0410;
  http://bugs.debian.org/360396, CVE-2006-0806.
* debian/:
  - postinst: Handle the upgrade path from any previous packaging
    revision in Breezy and Dapper that depends on apache2 but
    mistakenly uses apache in the debconf template.
  - templates: Use apache2 by default since, well, that's what the
    dependency prefers. Now Moodle actually installs.
    (Closes: Malone #5501, Malone #47812).