-
Committer:
Bazaar Package Importer
-
Author(s):
Thijs Kinkhorst
-
Date:
2007-01-12 15:29:28 UTC
-
Revision ID:
james.westby@ubuntu.com-20070112152928-uyydrpmvj0xg4vp2
Tags: 4:2.9.1.1-2
* Backport security-related changes from 2.9.2-rc1:
* CVE-2007-0203: Multiple unspecified vulnerabilities;
this turns out to be (1) cross site scripting and
(2) the same as CVE-2006-6374. (Closes: #406332, #406486)
* CVE-2006-6374: the vulnerability only applies to
PHP < 5.1.2 and < 4.4.2, so strictly speaking current
Debian is not vulnerable. Include it anyway, to not expose
those using older PHP versions. (Closes: #404744)