-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2009-10-26 08:55:07 UTC
-
Revision ID:
james.westby@ubuntu.com-20091026085507-tb1729ysnxqnard7
Tags: 4:3.1.2-1ubuntu0.2
* SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
- debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter special
characters in db_operations.php and db_structure.php.
- CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
(LP: #450505)
- debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter and
escape special characters in pdf_pages.php and pmd_pdf.php.
- CVE-2009-3697
* SECURITY UPDATE: code injection via configuration files (LP: #392324)
- Previous patch for CVE-2009-1285 was incomplete
- debian/patches/045-security-CVE-2009-1285-2.dpatch: do not allow user
to modify php code before saving in setup/frames/config.inc.php and
setup/config.php.
- CVE-2009-1285