Please unblock horde3/3.2.2+debian0-1
Hello,
horde3 3.2.2+debian0-1 is a "security fix release". It fixes
CVE-2008-3823 and I added two packaging patch:
- Improve upgrade path Etch->Lenny. (#493885)
- Fix misspelling in Recommends: field. (#499001)
I'm aware it's late to include this changes in Lenny but I think
this is the best version for our future Debian stable. Note
that debdiff is not too big (two lines modified in source code,
two lines in debian/control and a new preinst script).
horde3/3.2.2+debian0-1 is in unstable since 5 days without new
bug. horde3 is mainly installed on mail servers. popcon reports
535 installations.
Changelog:
--8<--
horde3 (3.2.2+debian0-1) unstable; urgency=high
* New upstream release.
* This version is mainly for fixing two security bugs: unescaped output in
the MIME library and improve the XSS filter for HTML (See CVE-2008-3823 for
more information). (Closes: #499579)
* Add changelog entry with CVE ID in changelog for 3.2.1+debian0-1.
* Fix misspelling in Recommends: field. (Closes: #499001)
* Improve upgrade path Etch->Lenny with forcing to show diff of
/etc/horde/horde3/registry.php because all horde components are now
inactive by default. (Closes: #493885)
* Change Gregory Colpart's email address in debian/control file.
-- Gregory Colpart <reg@debian.org> Mon, 22 Sep 2008 03:28:05 +0200
--8<--
debdiff: http://gcolpart.evolix.net/debian/horde3/horde3_3.2.1+debian0-2_3.2.2+debian0-1.diff
PTS: http://packages.qa.debian.org/h/horde3.html
Regards,
--
Gregory Colpart <reg@evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Reply to: