Viewing all changes in revision 19.
- Committer: Bazaar Package Importer
- Date: 2009-10-26 08:55:07 UTC
- Revision ID: james.westby@ubuntu.com-20091026085507-tb1729ysnxqnard7
* SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
- debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter special
characters in db_operations.php and db_structure.php.
- CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
(LP: #450505)
- debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter and
escape special characters in pdf_pages.php and pmd_pdf.php.
- CVE-2009-3697
* SECURITY UPDATE: code injection via configuration files (LP: #392324)
- Previous patch for CVE-2009-1285 was incomplete
- debian/patches/045-security-CVE-2009-1285-2.dpatch: do not allow user
to modify php code before saving in setup/frames/config.inc.php and
setup/config.php.
- CVE-2009-1285
- debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter special
characters in db_operations.php and db_structure.php.
- CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
(LP: #450505)
- debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter and
escape special characters in pdf_pages.php and pmd_pdf.php.
- CVE-2009-3697
* SECURITY UPDATE: code injection via configuration files (LP: #392324)
- Previous patch for CVE-2009-1285 was incomplete
- debian/patches/045-security-CVE-2009-1285-2.dpatch: do not allow user
to modify php code before saving in setup/frames/config.inc.php and
setup/config.php.
- CVE-2009-1285
expand all
collapse all
added
removed
