Back to roundup PTS page

Accepted roundup 1.4.15-3+deb6u1 (source all) into squeeze-lts



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 23 Aug 2015 16:41:10 +0200
Source: roundup
Binary: roundup
Architecture: source all
Version: 1.4.15-3+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Toni Mueller <toni@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description: 
 roundup    - an issue-tracking system
Changes: 
 roundup (1.4.15-3+deb6u1) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * CVE-2012-6130
     Cross-site scripting (XSS) vulnerability in the history
     display in Roundup before 1.4.20 allows remote attackers
     to inject arbitrary web script or HTML via a username,
     related to generating a link.
   * CVE-2012-6131
     Cross-site scripting (XSS) vulnerability in cgi/client.py
     in Roundup before 1.4.20 allows remote attackers to inject
     arbitrary web script or HTML via the @action parameter to
     support/issue1.
   * CVE-2012-6132
     Cross-site scripting (XSS) vulnerability in Roundup before
     1.4.20 allows remote attackers to inject arbitrary web
     script or HTML via the otk parameter.
   * CVE-2012-6133
     XSS flaws in ok and error messages
     We solve this differently from the proposals in the bug-report
     by not allowing *any* html-tags in ok/error messages anymore.
Checksums-Sha1: 
 bf7268ee3735fc9ac1588052a88a3fc25dfe6cce 1833 roundup_1.4.15-3+deb6u1.dsc
 98cd2e1ae5edd795a2b2c83d5f9854704855721b 1440997 roundup_1.4.15.orig.tar.gz
 df3154f9c835f380e45eb8d01e40ce5d865bf1a4 29213 roundup_1.4.15-3+deb6u1.debian.tar.gz
 3dff2dd7772189e6ddaffee7782636a14c297989 1361658 roundup_1.4.15-3+deb6u1_all.deb
Checksums-Sha256: 
 58e502edac814d90d3c56813fba8cd18ff45d9f2d8cc68486abb0fd159a75943 1833 roundup_1.4.15-3+deb6u1.dsc
 5dd652b96abbfff4be57a7d39c7fc126f69f86058c2f6d4aefbb2d6d96bf02d9 1440997 roundup_1.4.15.orig.tar.gz
 d0c9566c60b04d674863a0bba43b178f8afc23591a7ee7438185b6d1d652d748 29213 roundup_1.4.15-3+deb6u1.debian.tar.gz
 415ff24c6dc29feeb07c0bb4cfebc23799f1922b7e01ddf515e76d99c2a488a8 1361658 roundup_1.4.15-3+deb6u1_all.deb
Files: 
 ce7d7b2414bbc1bed996ace9bb328d34 1833 web optional roundup_1.4.15-3+deb6u1.dsc
 65af27f02ff0aef9d6babc7373d426b9 1440997 web optional roundup_1.4.15.orig.tar.gz
 c0bc148230835aa82dbbd7eeee527ad2 29213 web optional roundup_1.4.15-3+deb6u1.debian.tar.gz
 2bf5eaaa013dd187d812311cbe41aa19 1361658 web optional roundup_1.4.15-3+deb6u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJV2eV2XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH+UwQAJ+AVPEebZDOVdXg9shoPHH9
ET9OX2WOcyOJV5GJb/hXlrNpZ6VU+IFgXOnfYl3awWwHb5Fmo44dbss3FLQbG/9K
/WbPH5txHVVzqLsMb+y0JqU5q0OuhyxM07b/jpqEMpO3MAtT32oD3dS7GeloXWra
/NDJ3i2+8/PE+C31yl6TRRAOYcflsuw6mSuQIJwL+Kgd1omzbjroul7aP4VybEUj
6+gpDKavNN/AQaNTeq0wKmS6eIINKDCcE8oRZJVq7b5SuA7XAECNqJn1Fie6I57b
dtHj+21gbuEV+w1KTZXbFYJ+VcKZgKeiWKvm3W+Q5/OkLisF5GCPlhR/hPPnD8B9
LjN26rFc3XPP3Be/Ryrx2O39KCdnfxtdxGDqQNjnN2/b8yk/+rY7u5ciV+aZXr/6
Cp2F1ZYDYLS3JbqVRmIUbHNc0dkD9fxaOtHnVyKZz0dCKEMfFzWZsj27JpjYmR0f
Fbg6fMVaBzLS0zhoQu5/HVQtcn4FlUI/AMP3i+2SSLilb9Rv53Qsf2iSw0D5iRBo
JXwYiNaqJl9eEmEt2fT5+wyiH5cKimsbTI7mP9KvBg+fKDz/yQzorrRp2rCa/aVz
7OPqMRXDoqSneBCbyEP5OP6bnmZ1jS+OigoHHLcXFlocxVbXZ8UAPZDRdP2iZ4w2
dbZnP9ofDwNBJJ4vZWHJ
=gC/g
-----END PGP SIGNATURE-----