-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2009-10-26 11:08:55 UTC
-
Revision ID:
james.westby@ubuntu.com-20091026110855-cvqjvkjzf3mr3mk8
Tags: 4:2.11.8.1-1ubuntu0.2
* SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
- debian/patches/047-security-CVE-2009-3696-3697.dpatch: filter special
characters in db_operations.php.
- CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
(LP: #450505)
- debian/patches/047-security-CVE-2009-3696-3697.dpatch: filter and
escape special characters in pdf_pages.php and pmd_pdf.php.
- CVE-2009-3697