Accepted elog 2.6.1+r1638-1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 26 Jan 2006 21:45:44 +0200
Source: elog
Binary: elog
Architecture: source i386
Version: 2.6.1+r1638-1
Distribution: unstable
Urgency: critical
Maintainer: roktas@debian.org
Changed-By: Recai Oktaş <roktas@debian.org>
Description:
elog - Logbook system to manage notes through a Web interface
Closes: 339958 349528
Changes:
 elog (2.6.1+r1638-1) unstable; urgency=critical
 .
   * New upstream release grabbed from Subversion (r1638). Fix serious
     security bugs (thanks to Florian Weimer). (Closes: #349528)
     + "Do not distinguish between invalid user name and invalid password
       for security reasons"
     + "Fixed infinite redirection with ?fail=1"
     + "Prohibit '..' in URLs" [CVE-2006-0347]
     + "Fixed potential buffer overflows" [CVE-2005-4439]
     + "Added IP address to log file"
   * Urgency set to critical because of the security issues.
   * Upstream code has been migrated to Subversion. Change package naming
     scheme so as to track Subversion releases, instead of CVS.
   * Use Subversion exports as pristine sources directly. In the older
     versions, we used to rely on the upstream's build script.
   * debian/postrm: Purge cleanly even if no logbook has been created. This
     situation occurs, for example, when elog is tested with piuparts. It's
     because, in fact, elogd cannot dynamically create logbooks/demo in
     postinst stage. (Closes: #339958)
   * debian/control: Bump Standards-Version to 3.6.2.
   * debian/rules: Add -lutil to LIBS.
   * debian/update: New utility for easy updates.
   * debian/watch: Remove unneeded file.
Files:
0e61199402d4290f57c8c9d93f2a7604 569 web optional elog_2.6.1+r1638-1.dsc
e617faffe8b76e917afb14131939c32c 643899 web optional elog_2.6.1+r1638.orig.tar.gz
f2cb8503ff97f00fac5efa105e9d5f66 11793 web optional elog_2.6.1+r1638-1.diff.gz
fc9a3636892967e8c04db03393003203 552244 web optional elog_2.6.1+r1638-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD2TvXnA44mz/SXIQRAss2AJ9E5WrKUAq4VgpOsWjuG82DGU0/JgCfWIGJ
o10XAroCp9x2wNNPIvPzri8=
=/ab0
-----END PGP SIGNATURE-----
Accepted:
elog_2.6.1+r1638-1.diff.gz
to pool/main/e/elog/elog_2.6.1+r1638-1.diff.gz
elog_2.6.1+r1638-1.dsc
to pool/main/e/elog/elog_2.6.1+r1638-1.dsc
elog_2.6.1+r1638-1_i386.deb
to pool/main/e/elog/elog_2.6.1+r1638-1_i386.deb
elog_2.6.1+r1638.orig.tar.gz
to pool/main/e/elog/elog_2.6.1+r1638.orig.tar.gz