Accepted roundup 1.4.15-3+deb6u1 (source all) into squeeze-lts
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 23 Aug 2015 16:41:10 +0200
Source: roundup
Binary: roundup
Architecture: source all
Version: 1.4.15-3+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Toni Mueller <toni@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
roundup - an issue-tracking system
Changes:
 roundup (1.4.15-3+deb6u1) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * CVE-2012-6130
     Cross-site scripting (XSS) vulnerability in the history
     display in Roundup before 1.4.20 allows remote attackers
     to inject arbitrary web script or HTML via a username,
     related to generating a link.
   * CVE-2012-6131
     Cross-site scripting (XSS) vulnerability in cgi/client.py
     in Roundup before 1.4.20 allows remote attackers to inject
     arbitrary web script or HTML via the @action parameter to
     support/issue1.
   * CVE-2012-6132
     Cross-site scripting (XSS) vulnerability in Roundup before
     1.4.20 allows remote attackers to inject arbitrary web
     script or HTML via the otk parameter.
   * CVE-2012-6133
     XSS flaws in ok and error messages
     We solve this differently from the proposals in the bug-report
     by not allowing *any* html-tags in ok/error messages anymore.
Checksums-Sha1:
bf7268ee3735fc9ac1588052a88a3fc25dfe6cce 1833 roundup_1.4.15-3+deb6u1.dsc
98cd2e1ae5edd795a2b2c83d5f9854704855721b 1440997 roundup_1.4.15.orig.tar.gz
df3154f9c835f380e45eb8d01e40ce5d865bf1a4 29213 roundup_1.4.15-3+deb6u1.debian.tar.gz
3dff2dd7772189e6ddaffee7782636a14c297989 1361658 roundup_1.4.15-3+deb6u1_all.deb
Checksums-Sha256:
58e502edac814d90d3c56813fba8cd18ff45d9f2d8cc68486abb0fd159a75943 1833 roundup_1.4.15-3+deb6u1.dsc
5dd652b96abbfff4be57a7d39c7fc126f69f86058c2f6d4aefbb2d6d96bf02d9 1440997 roundup_1.4.15.orig.tar.gz
d0c9566c60b04d674863a0bba43b178f8afc23591a7ee7438185b6d1d652d748 29213 roundup_1.4.15-3+deb6u1.debian.tar.gz
415ff24c6dc29feeb07c0bb4cfebc23799f1922b7e01ddf515e76d99c2a488a8 1361658 roundup_1.4.15-3+deb6u1_all.deb
Files:
ce7d7b2414bbc1bed996ace9bb328d34 1833 web optional roundup_1.4.15-3+deb6u1.dsc
65af27f02ff0aef9d6babc7373d426b9 1440997 web optional roundup_1.4.15.orig.tar.gz
c0bc148230835aa82dbbd7eeee527ad2 29213 web optional roundup_1.4.15-3+deb6u1.debian.tar.gz
2bf5eaaa013dd187d812311cbe41aa19 1361658 web optional roundup_1.4.15-3+deb6u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----