Accepted elog 2.5.7+r1558-4+sarge1 (source i386)

To: debian-changes@lists.debian.org
Subject: Accepted elog 2.5.7+r1558-4+sarge1 (source i386)
From: Recai Oktaş <roktas@debian.org>
Date: Sat, 28 Jan 2006 14:02:21 -0800
Message-id: <[🔎] E1F2y9F-0002Qq-5Q@spohr.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 28 Jan 2006 14:38:45 +0200
Source: elog
Binary: elog
Architecture: source i386
Version: 2.5.7+r1558-4+sarge1
Distribution: stable-security
Urgency: critical
Maintainer: Recai OktaÅ? <roktas@debian.org>
Changed-By: Recai OktaÅ? <roktas@debian.org>
Description: 
 elog       - Logbook system to manage notes through a Web interface
Changes: 
 elog (2.5.7+r1558-4+sarge1) stable-security; urgency=critical
 .
     * Major security update (big thanks to Florian Weimer)
       + Backport r1333 from upstream's Subversion repository:
         "Fixed crashes with very long (revisions) attributes"
       + Backport r1335 from upstream's Subversion repository:
         "Applied patch from Emiliano to fix possible buffer overflow"
       + Backport r1472 from upstream's Subversion repository:
         "Do not distinguish between invalid user name and invalid password
          for security reasons"
       + Backport r1487 from upstream's Subversion repository:
         "Fixed infinite redirection with ?fail=1"
       + Backport r1529 from upstream's Subversion repository:
         "Fixed bug with fprintf and buffer containing "%""
         [Our patch just eliminates the format string vulnerability.]
       + Backport r1620 from upstream's Subversion repository:
         "Prohibit '..' in URLs" [CVE-2006-0347]
       + Backport r1635 and r1642 from upstream's Subversion repository:
         "Fixed potential buffer overflows" [CVE-2005-4439]
Files: 
 631a4c5699098baacfa39a38282facee 581 web optional elog_2.5.7+r1558-4+sarge1.dsc
 01814c0dbcfe066f572812cd3ccfe6a1 21561 web optional elog_2.5.7+r1558-4+sarge1.diff.gz
 7a16fd4fff4c12acc71e4680953905a0 520894 web optional elog_2.5.7+r1558-4+sarge1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD22bMnA44mz/SXIQRArXQAJkBSDWI9MoPkhus94ZAuEU9/b95FgCfe7Bb
9i6C/zgIuudrI84JXMU0L18=
=Rx3D
-----END PGP SIGNATURE-----


Accepted:
elog_2.5.7+r1558-4+sarge1.diff.gz
  to pool/main/e/elog/elog_2.5.7+r1558-4+sarge1.diff.gz
elog_2.5.7+r1558-4+sarge1.dsc
  to pool/main/e/elog/elog_2.5.7+r1558-4+sarge1.dsc
elog_2.5.7+r1558-4+sarge1_i386.deb
  to pool/main/e/elog/elog_2.5.7+r1558-4+sarge1_i386.deb

Reply to:

Prev by Date: Accepted drupal 4.5.3-5 (source all)
Next by Date: Accepted trac 0.8.1-3sarge4 (source all)
Previous by thread: Accepted drupal 4.5.3-5 (source all)
Next by thread: Accepted trac 0.8.1-3sarge4 (source all)
Index(es):
- Date
- Thread