[Webapps-common-discuss] [commit] r100 -
packages/bugzilla/trunk/debian
Alexis Sukrieh
sukria at alioth.debian.org
Sat Nov 4 01:11:18 CET 2006
Author: sukria
Date: 2006-11-04 01:11:18 +0100 (Sat, 04 Nov 2006)
New Revision: 100
Modified:
packages/bugzilla/trunk/debian/changelog
packages/bugzilla/trunk/debian/control
Log:
Changelog entry, dependency on libmailtools-perl >= 1.67
Modified: packages/bugzilla/trunk/debian/changelog
===================================================================
--- packages/bugzilla/trunk/debian/changelog 2006-11-03 23:39:12 UTC (rev 99)
+++ packages/bugzilla/trunk/debian/changelog 2006-11-04 00:11:18 UTC (rev 100)
@@ -1,3 +1,20 @@
+bugzilla (2.22.1-1) unstable; urgency=high
+
+ * New upstream release (2.22.1) fixes several security issues (hence the
+ high priority)
+ + CVE-2006-5455:
+ Cross-site request forgery (CSRF) vulnerability in `editversions.cgi'.
+ + CVE-2006-5454:
+ Previous versions allow remote attackers to obtain the description
+ of arbitrary attachments.
+ + CVE-2006-5453:
+ Multiple cross-site scripting (XSS) vulnerabilities.
+ (bug #395094 now affects only sarge)
+ * Depends on libtemplate-perl (>= 2.10)
+ * Depends on libmailtools-perl (>= 1.67)
+
+ -- Alexis Sukrieh <sukria at debian.org> Sat, 4 Nov 2006 01:10:20 +0100
+
bugzilla (2.22-7) unstable; urgency=low
* The package is now maintained by the Debian Webapps Team.
Modified: packages/bugzilla/trunk/debian/control
===================================================================
--- packages/bugzilla/trunk/debian/control 2006-11-03 23:39:12 UTC (rev 99)
+++ packages/bugzilla/trunk/debian/control 2006-11-04 00:11:18 UTC (rev 100)
@@ -11,7 +11,7 @@
Architecture: all
Depends: debconf (>= 0.9.95) | debconf-2.0,
libtemplate-perl (>= 2.10), libappconfig-perl, libdbd-mysql-perl,
- libtimedate-perl, libmailtools-perl (>= 1.6.7), libmime-perl,
+ libtimedate-perl, libmailtools-perl (>= 1.67), libmime-perl,
apache | apache2 | apache-perl | apache-ssl | httpd,
sendmail | postfix | exim4 | mail-transport-agent,
ucf (>= 0.08), patch, dbconfig-common (>= 1.8.27)
More information about the Webapps-common-discuss
mailing list