Back to phpwiki PTS page

Accepted phpwiki 1.3.14-1 (source all)

To: debian-devel-changes@lists.debian.org
Subject: Accepted phpwiki 1.3.14-1 (source all)
From: Matt Brown <mattb@debian.org>
Date: Sat, 29 Sep 2007 17:18:24 +0000
Message-id: <E1IbfxQ-0005Rb-VC@ries.debian.org>
Sender: Archive Administrator <dak@ftp-master.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 29 Sep 2007 17:15:07 +0100
Source: phpwiki
Binary: phpwiki
Architecture: source all
Version: 1.3.14-1
Distribution: unstable
Urgency: high
Maintainer: Matt Brown <mattb@debian.org>
Changed-By: Matt Brown <mattb@debian.org>
Description: 
 phpwiki    - informal collaborative website manager
Closes: 416796 418571 418577 424607 429201 438785 439104 441390 441936 444201
Changes: 
 phpwiki (1.3.14-1) unstable; urgency=low
 .
   * New upstream release 1.3.14
   * Contains fixes for CVE-2007-3193, CVE-2007-2024 and CVE-2007-2025,
     fixed in NMU by Thijs Kinkhorst. Thanks.
   * Remove patches merged upstream
     - 03-dba-open-existing
     - 07-versiondata-base64-decode
     - 08-upgrade-remove-user-table
     - 09-upgrade-sql-syntax-fixes
     - 10-upgrade-password-portable
     - 11-upgrade-sqlite-nopass
   * Drop PHP4 support, add missing libapache2-mod-php5 dependency.
     (Closes: #438785)
   * Add Depend on debconf-2.0 for cdebconf support. (Closes: #441936)
   * Fix debconf template errors. Thanks to Helge Kreutzmann. (Closes: #418571)
   * New translations:
     - pt thanks Ricardo Silva (Closes: #416796)
     - de thanks to Helge Kreutzmann (Closes: #418577)
   * Updated es translation thanks to Carlos Galisteo (Closes: #424607)
   * MonoBook theme tested and working OK. (Closes: #444201)
   * Symlink schemas from dbconfig-common directory to documented locations.
     (Closes: #439104)
 .
 phpwiki (1.3.12p3-6.1) unstable; urgency=high
 .
   * NMU by the testing security team, with maintainer approval.
   * CVE-2007-3193: lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the
     configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote
     attackers to bypass authentication via an empty password, which causes
     ldap_bind to return true when used with certain LDAP implementations.
     (Closes: #429201)
   * CVE-2007-2024, CVE-2007-2025: Unrestricted file upload vulnerability in
     the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows
     remote attackers to upload arbitrary PHP files with a double extension, as
     demonstrated by .php.3, which is interpreted by Apache as being a valid
     PHP file.
     (Closes: #441390)
Files: 
 04347ac8719d2738f972d67d4e3171b3 632 web optional phpwiki_1.3.14-1.dsc
 e6f747756c5534a5ba4d3775098997e0 3388499 web optional phpwiki_1.3.14.orig.tar.gz
 54a3ca637dfb2e959274b7b6767e47d1 52505 web optional phpwiki_1.3.14-1.diff.gz
 7b6cc548048a0a20c8e37084ee4e906b 3203712 web optional phpwiki_1.3.14-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG/oXz/pqN2EBUqwgRArDCAJ9C83t4D/nCDENMZyoqIfCcKl4g+wCfeWbT
ejDc30ejG8m2Uw8dDisw0lw=
=Axg9
-----END PGP SIGNATURE-----


Accepted:
phpwiki_1.3.14-1.diff.gz
  to pool/main/p/phpwiki/phpwiki_1.3.14-1.diff.gz
phpwiki_1.3.14-1.dsc
  to pool/main/p/phpwiki/phpwiki_1.3.14-1.dsc
phpwiki_1.3.14-1_all.deb
  to pool/main/p/phpwiki/phpwiki_1.3.14-1_all.deb
phpwiki_1.3.14.orig.tar.gz
  to pool/main/p/phpwiki/phpwiki_1.3.14.orig.tar.gz