Viewing all changes in revision 13.
- Committer: Bazaar Package Importer
- Date: 2007-01-12 15:29:28 UTC
- Revision ID: james.westby@ubuntu.com-20070112152928-uyydrpmvj0xg4vp2
* Backport security-related changes from 2.9.2-rc1:
* CVE-2007-0203: Multiple unspecified vulnerabilities;
this turns out to be (1) cross site scripting and
(2) the same as CVE-2006-6374. (Closes: #406332, #406486)
* CVE-2006-6374: the vulnerability only applies to
PHP < 5.1.2 and < 4.4.2, so strictly speaking current
Debian is not vulnerable. Include it anyway, to not expose
those using older PHP versions. (Closes: #404744)
* CVE-2007-0203: Multiple unspecified vulnerabilities;
this turns out to be (1) cross site scripting and
(2) the same as CVE-2006-6374. (Closes: #406332, #406486)
* CVE-2006-6374: the vulnerability only applies to
PHP < 5.1.2 and < 4.4.2, so strictly speaking current
Debian is not vulnerable. Include it anyway, to not expose
those using older PHP versions. (Closes: #404744)
- files added:
- debian/patches/030_CVE-2007-0203.patch
- files modified:
- debian/changelog
expand all
collapse all
added
removed
