-
Committer:
Bazaar Package Importer
-
Author(s):
Dominic Hargreaves
-
Date:
2011-05-29 13:50:51 UTC
-
Revision ID:
james.westby@ubuntu.com-20110529135051-2nn8l11c8s7ztw3k
Tags: 3.8.7-1ubuntu2.1
* SECURITY UPDATE: support salted passwords in database and upgrade
unsalted passwords (CVE-2011-0009)
- LP: #750339
* Security fix: fix information leakage in scrips (CVE-2011-1008)
* Multiple security fixes for:
- Remote code execution in external custom fields (CVE-2011-1685)
- Information disclosure via SQL injection (CVE-2011-1686)
- Information disclosure via search interface (CVE-2011-1687)
- Information disclosure via directory traversal (CVE-2011-1688)
- User javascript execution via XSS vulnerability (CVE-2011-1689)
- Authentication credentials theft (CVE-2011-1690)