-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2009-10-26 12:21:00 UTC
-
Revision ID:
james.westby@ubuntu.com-20091026122100-lhkfw690r00sqwr1
Tags: 4:2.11.3-1ubuntu1.3
* SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
- debian/patches/062_CVE-2009-3696-3697.dpatch: filter special
characters in db_operations.php.
- CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
(LP: #450505)
- debian/patches/062_CVE-2009-3696-3697.dpatch: filter and escape
special characters in pdf_pages.php and pmd_pdf.php.
- CVE-2009-3697