Back to elog PTS page

Accepted elog 2.6.1+r1638-1 (source i386)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 26 Jan 2006 21:45:44 +0200
Source: elog
Binary: elog
Architecture: source i386
Version: 2.6.1+r1638-1
Distribution: unstable
Urgency: critical
Maintainer: roktas@debian.org
Changed-By: Recai OktaÅ? <roktas@debian.org>
Description: 
 elog       - Logbook system to manage notes through a Web interface
Closes: 339958 349528
Changes: 
 elog (2.6.1+r1638-1) unstable; urgency=critical
 .
   * New upstream release grabbed from Subversion (r1638).  Fix serious
     security bugs (thanks to Florian Weimer).  (Closes: #349528)
     + "Do not distinguish between invalid user name and invalid password
        for security reasons"
     + "Fixed infinite redirection with ?fail=1"
     + "Prohibit '..' in URLs" [CVE-2006-0347]
     + "Fixed potential buffer overflows" [CVE-2005-4439]
     + "Added IP address to log file"
   * Urgency set to critical because of the security issues.
   * Upstream code has been migrated to Subversion.  Change package naming
     scheme so as to track Subversion releases, instead of CVS.
   * Use Subversion exports as pristine sources directly.  In the older
     versions, we used to rely on the upstream's build script.
   * debian/postrm: Purge cleanly even no logbook has been created.  This
     situation occurs, for example, when elog is tested with piuparts.  It's
     because, in fact, elogd can not dynamically create logbooks/demo in
     postinst stage.  (Closes: #339958)
   * debian/control: Bump Standarts-Version to 3.6.2.
   * debian/rules: Add -lutil to LIBS.
   * debian/update: New utility for easy updates.
   * debian/watch: Remove unneeded file.
Files: 
 0e61199402d4290f57c8c9d93f2a7604 569 web optional elog_2.6.1+r1638-1.dsc
 e617faffe8b76e917afb14131939c32c 643899 web optional elog_2.6.1+r1638.orig.tar.gz
 f2cb8503ff97f00fac5efa105e9d5f66 11793 web optional elog_2.6.1+r1638-1.diff.gz
 fc9a3636892967e8c04db03393003203 552244 web optional elog_2.6.1+r1638-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD2TvXnA44mz/SXIQRAss2AJ9E5WrKUAq4VgpOsWjuG82DGU0/JgCfWIGJ
o10XAroCp9x2wNNPIvPzri8=
=/ab0
-----END PGP SIGNATURE-----


Accepted:
elog_2.6.1+r1638-1.diff.gz
  to pool/main/e/elog/elog_2.6.1+r1638-1.diff.gz
elog_2.6.1+r1638-1.dsc
  to pool/main/e/elog/elog_2.6.1+r1638-1.dsc
elog_2.6.1+r1638-1_i386.deb
  to pool/main/e/elog/elog_2.6.1+r1638-1_i386.deb
elog_2.6.1+r1638.orig.tar.gz
  to pool/main/e/elog/elog_2.6.1+r1638.orig.tar.gz