Accepted elog 2.5.7+r1558-4+sarge1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 28 Jan 2006 14:38:45 +0200
Source: elog
Binary: elog
Architecture: source i386
Version: 2.5.7+r1558-4+sarge1
Distribution: stable-security
Urgency: critical
Maintainer: Recai Oktaş <roktas@debian.org>
Changed-By: Recai Oktaş <roktas@debian.org>
Description:
 elog - Logbook system to manage notes through a Web interface
Changes:
 elog (2.5.7+r1558-4+sarge1) stable-security; urgency=critical
 .
   * Major security update (big thanks to Florian Weimer)
     + Backport r1333 from upstream's Subversion repository:
       "Fixed crashes with very long (revisions) attributes"
     + Backport r1335 from upstream's Subversion repository:
       "Applied patch from Emiliano to fix possible buffer overflow"
     + Backport r1472 from upstream's Subversion repository:
       "Do not distinguish between invalid user name and invalid password
        for security reasons"
     + Backport r1487 from upstream's Subversion repository:
       "Fixed infinite redirection with ?fail=1"
     + Backport r1529 from upstream's Subversion repository:
       "Fixed bug with fprintf and buffer containing "%""
       [Our patch just eliminates the format string vulnerability.]
     + Backport r1620 from upstream's Subversion repository:
       "Prohibit '..' in URLs" [CVE-2006-0347]
     + Backport r1635 and r1642 from upstream's Subversion repository:
       "Fixed potential buffer overflows" [CVE-2005-4439]
Files:
 631a4c5699098baacfa39a38282facee 581 web optional elog_2.5.7+r1558-4+sarge1.dsc
 01814c0dbcfe066f572812cd3ccfe6a1 21561 web optional elog_2.5.7+r1558-4+sarge1.diff.gz
 7a16fd4fff4c12acc71e4680953905a0 520894 web optional elog_2.5.7+r1558-4+sarge1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD22bMnA44mz/SXIQRArXQAJkBSDWI9MoPkhus94ZAuEU9/b95FgCfe7Bb
9i6C/zgIuudrI84JXMU0L18=
=Rx3D
-----END PGP SIGNATURE-----
Accepted:
elog_2.5.7+r1558-4+sarge1.diff.gz
  to pool/main/e/elog/elog_2.5.7+r1558-4+sarge1.diff.gz
elog_2.5.7+r1558-4+sarge1.dsc
  to pool/main/e/elog/elog_2.5.7+r1558-4+sarge1.dsc
elog_2.5.7+r1558-4+sarge1_i386.deb
  to pool/main/e/elog/elog_2.5.7+r1558-4+sarge1_i386.deb