Accepted dtc 0.29.18-1+lenny2 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Sun, 11 Sep 2011 05:15:26 +0000
Source: dtc
Binary: dtc-common dtc-core dtc-cyrus dtc-postfix-courier dtc-stats-daemon dtc-toaster
Architecture: source all
Version: 0.29.18-1+lenny2
Distribution: lenny-security
Urgency: low
Maintainer: Thomas Goirand <zigo@debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
dtc-common - web control panel for admin and accounting hosting services (comm
dtc-core - web control panel for admin and accounting hosting services (fewe
dtc-cyrus - web control panel for admin and accounting hosting services (cyru
dtc-postfix-courier - web control panel for admin and accounting hosting services (more
dtc-stats-daemon - dtc-xen VM statistics for the dtc web control panel
dtc-toaster - web control panel for admin and accounting hosting services (meta
Closes: 637469 637477 637485 637487 637537 637584 637618 637629 637630 637632 637669
Changes:
dtc (0.29.18-1+lenny2) lenny-security; urgency=low
.
* QA upload fixing:
- Removed old iGlobalWall folder which included unwanted information.
- Removed sourceless OSX mod_log_sql.so files (Closes: #637469).
- Fixes lists shell injection issue (Closes: #637477).
- Sets unix rights to non-world readable for the apache2.conf file,
since it contains SQL access password (Closes: #637485).
- Now htmlspecialchars() the output of DNS & MX, preventing a possible
HTML injection issue (Closes: #637584).
- Fixes "package installer includes php files in untrusted directories"
if some package install packages are installed (Closes: #637629, #637630).
- Adds htmlspecialchars() in the ticket display.
- Fixes sudo access to chrootuid is giving access to root using the new
dtc-chroot-wrapper (Closes: #637618).
- Not using htpasswd -b to create .htpasswd files (Closes: #637537).
- Checks $_SERVER["addrlink"] input correctly, since it could lead to very
bad SQL insertion (Closes: #637487 ).
- Fixes an SQL injection in package installer (Closes: #637632).
- Fixes an SQL injection in the draw_user_admin.php (Closes: #637669).
Checksums-Sha1:
9e7675783f6ac3070dc332da98febc2af28894b6 1250 dtc_0.29.18-1+lenny2.dsc
bdf1bef7c5d7e9d61892bc3875925503363354f5 7301006 dtc_0.29.18.orig.tar.gz
b5e77fbbae9e27735c82751abc1ac0077146a002 78746 dtc_0.29.18-1+lenny2.diff.gz
4445b341c0a0566e1f93325712fbd807bed799ab 1912204 dtc-common_0.29.18-1+lenny2_all.deb
79612b46702ccd4823e1d8060eea8497cbe83d72 70510 dtc-core_0.29.18-1+lenny2_all.deb
7456c345f99006e82795eb718e5d249606e8ddcd 70626 dtc-cyrus_0.29.18-1+lenny2_all.deb
9edf5d6c9463161b49431da1a9ea8a65fd146cf0 72150 dtc-postfix-courier_0.29.18-1+lenny2_all.deb
e145c361efd75c81675bdbd92c98eee47b2365af 31420 dtc-stats-daemon_0.29.18-1+lenny2_all.deb
6f4e57a97ea09e1c647225199c0c2b6fa693a965 25814 dtc-toaster_0.29.18-1+lenny2_all.deb
Checksums-Sha256:
0205a5938ae0faee16d2d3d8df2d6fa9b311aae37c906c854ef585a981b8d3af 1250 dtc_0.29.18-1+lenny2.dsc
4c6c116a378641114310bfa4c0595945f8077e222292577d060f0d7f32be37b9 7301006 dtc_0.29.18.orig.tar.gz
e6741fced0c57c63d3b64dfc86c4b78361bd28c0b21c47b739fa8e478612dcca 78746 dtc_0.29.18-1+lenny2.diff.gz
aad9db66e62d2f24c3b56d35a6c46d553f52a6361d82db873aecfaed65dcf124 1912204 dtc-common_0.29.18-1+lenny2_all.deb
6574b290ee7ef3a68487bc6adf9be43ef10cf753bbbec0eea4ee6c0e2dfc2414 70510 dtc-core_0.29.18-1+lenny2_all.deb
ae3ce5943e2b9cec34fa1b6c6f77cd1e035992e844ed890432a34338fc15091d 70626 dtc-cyrus_0.29.18-1+lenny2_all.deb
a0988321c1edca4e4f68ecce6250cd404e84286f430007e90a94c3928acf9293 72150 dtc-postfix-courier_0.29.18-1+lenny2_all.deb
2b5e79c3bf8972499b1640e905068efdee6a67edbd713d2b5f8f95949d8c1c0a 31420 dtc-stats-daemon_0.29.18-1+lenny2_all.deb
e88ef80dedf21e996b36328a27a5be300c3b4fdeaedfe5781dc3d4ac17b3e617 25814 dtc-toaster_0.29.18-1+lenny2_all.deb
Files:
a3f3e14f6ea3d0cdceec1c80727160e8 1250 admin extra dtc_0.29.18-1+lenny2.dsc
a974267096479c55720c8d7e3c00ae6d 7301006 admin extra dtc_0.29.18.orig.tar.gz
79129db9e54025fe4a08f590249caf3c 78746 admin extra dtc_0.29.18-1+lenny2.diff.gz
351c2f7d94f8fa02cc6fc85f7ecdc3a9 1912204 admin extra dtc-common_0.29.18-1+lenny2_all.deb
eaaa9dfc160479f3a8cb4662087cf4dc 70510 admin extra dtc-core_0.29.18-1+lenny2_all.deb
517eedc29e40d13333d713245e0435aa 70626 admin extra dtc-cyrus_0.29.18-1+lenny2_all.deb
b46683262492c05b7096e4f81322fb56 72150 admin extra dtc-postfix-courier_0.29.18-1+lenny2_all.deb
30edcbb544f59beb9e0949c6836a0380 31420 admin extra dtc-stats-daemon_0.29.18-1+lenny2_all.deb
0434325a71c5fa9f6e174ac89f2085b8 25814 admin extra dtc-toaster_0.29.18-1+lenny2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEAREDAAYFAk5sVVUACgkQl4M9yZjvmkkv1QCffTfT59yeRRJPOunBaCKGLLpT
MowAnR2XE3OKrUWUAuwvJm/6kyhuwPxJ
=J5w+
-----END PGP SIGNATURE-----
Accepted:
dtc-common_0.29.18-1+lenny2_all.deb
to main/d/dtc/dtc-common_0.29.18-1+lenny2_all.deb
dtc-core_0.29.18-1+lenny2_all.deb
to main/d/dtc/dtc-core_0.29.18-1+lenny2_all.deb
dtc-cyrus_0.29.18-1+lenny2_all.deb
to main/d/dtc/dtc-cyrus_0.29.18-1+lenny2_all.deb
dtc-postfix-courier_0.29.18-1+lenny2_all.deb
to main/d/dtc/dtc-postfix-courier_0.29.18-1+lenny2_all.deb
dtc-stats-daemon_0.29.18-1+lenny2_all.deb
to main/d/dtc/dtc-stats-daemon_0.29.18-1+lenny2_all.deb
dtc-toaster_0.29.18-1+lenny2_all.deb
to main/d/dtc/dtc-toaster_0.29.18-1+lenny2_all.deb
dtc_0.29.18-1+lenny2.diff.gz
to main/d/dtc/dtc_0.29.18-1+lenny2.diff.gz
dtc_0.29.18-1+lenny2.dsc
to main/d/dtc/dtc_0.29.18-1+lenny2.dsc
dtc_0.29.18.orig.tar.gz
to main/d/dtc/dtc_0.29.18.orig.tar.gz