« back to all changes in this revision
Viewing changes to debian/patches/00list
- Committer: Bazaar Package Importer
- Date: 2007-10-21 14:41:27 UTC
- Revision ID: james.westby@ubuntu.com-20071021144127-ftqrw9p2h0ro6jt9
* SECURITY UPDATE: merge many security fixes from Debian (LP: #155491)
* Remove the old 05_sanitize_html_entities.dpatch as it's fix is
included with many more in 06_sanitize_html_entities.dpatch
* Include many security fixes from Debian's 2.1-7
(the following entries are taken from the Debian changelog)
* Fix minor XSS vulnerability in admin.php, issue CVE-2006-5227
(06_sanitize_html_entities.dpatch)
* Updated 06_sanitize_html_entities.dpatch to fix the security
issue CVE-2006-5451
* Fixed the directroy traversal vulnerability, issue CVE-2006-5609
(09_fix_directory_traversal.dpatch)
* Sanitize file inputs, fixes: CVE-2006-6328, CVE-2006-6329,
CVE-2006-6330, CVE-2006-6598 (10_sanitize_file_input.dpatch)
* Add more security fixes
- some missed previously (11_missed_security_fixes.dpatch)
- remote command execution in metaInfo.php, issue
CVE-2006-6331 (12_metaInfo_remote_command.dpatch)
- possible XSS vulnerability due to urldecode, fixes
CVE-2006-6600 (13_possible_xss_vulnerability.dpatch)
- remote command execution in maketorrent.php, fixes
CVE-2006-6599 (14_maketorrent_remote_command.dpatch)
- more possible fixes just to be safe, fixes CVE-2006-6604
(15_additional_possible_fixes.dpatch)
* Remove the old 05_sanitize_html_entities.dpatch as it's fix is
included with many more in 06_sanitize_html_entities.dpatch
* Include many security fixes from Debian's 2.1-7
(the following entries are taken from the Debian changelog)
* Fix minor XSS vulnerability in admin.php, issue CVE-2006-5227
(06_sanitize_html_entities.dpatch)
* Updated 06_sanitize_html_entities.dpatch to fix the security
issue CVE-2006-5451
* Fixed the directroy traversal vulnerability, issue CVE-2006-5609
(09_fix_directory_traversal.dpatch)
* Sanitize file inputs, fixes: CVE-2006-6328, CVE-2006-6329,
CVE-2006-6330, CVE-2006-6598 (10_sanitize_file_input.dpatch)
* Add more security fixes
- some missed previously (11_missed_security_fixes.dpatch)
- remote command execution in metaInfo.php, issue
CVE-2006-6331 (12_metaInfo_remote_command.dpatch)
- possible XSS vulnerability due to urldecode, fixes
CVE-2006-6600 (13_possible_xss_vulnerability.dpatch)
- remote command execution in maketorrent.php, fixes
CVE-2006-6599 (14_maketorrent_remote_command.dpatch)
- more possible fixes just to be safe, fixes CVE-2006-6604
(15_additional_possible_fixes.dpatch)
- files added:
- debian/patches/06_sanitize_html_entities.dpatch
- files removed:
- debian/patches/05_sanitize_html_entities.dpatch
- files modified:
- debian/changelog
added
removed
debian/patches/00list
