Accepted acidbase 1.2.5-1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 12 Jun 2006 21:20:37 +0200
Source: acidbase
Binary: acidbase
Architecture: source all
Version: 1.2.5-1
Distribution: unstable
Urgency: high
Maintainer: David Gil <dgil@telefonica.net>
Changed-By: David Gil <dgil@telefonica.net>
Description:
acidbase - Basic Analysis and Security Engine
Closes: 363548 370576
Changes:
acidbase (1.2.5-1) unstable; urgency=high
.
* New upstream release, which includes the following security improvements:
+ Added XSSPrintSafe() (array safe htmlspecialchars() function) and made
filterSql() use ADOdb qmagic()
+ Filtered all unfiltered (mainly auth system stuff) $_POST and $_GET
variables using filterSql()
+ Sanitized all $_SERVER variables to be protected against XSS attacks
These improvements fix the following security bugs:
+ Cross-site scripting (XSS) vulnerability (CVE-2006-1590)
(Closes: #363548).
+ Remote File Inclusion Vulnerabilities (CVE-2006-2685)
(Closes: #370576).
.
* debian/patches/02_update_external_links.dpatch : updated.
.
* Applied part of the patch from Paul Wise <pabs3@bonedaddy.net>:
+ Remove short description from long description
+ Update copyright file with more information
.
* Bump Standards-Version to 3.7.2 (no policy-related changes needed).
.
* Fix an annoying dbconfig-common error: Add dbc_dbtypes variable in
maintainer scripts, not only in config file.
This is related to bug #372948 (dbconfig-common: can not determine the
database type).
.
* Remove ucf file under /etc/acidbase on package purge.
Files:
1627500fb735f4ce19a137031d59c0c3 683 web optional acidbase_1.2.5-1.dsc
cd6a83df67106ebf9a148d5ac1ec9b8c 335819 web optional acidbase_1.2.5.orig.tar.gz
3cc7ab0405eaf4e2539f64a175af64f6 14891 web optional acidbase_1.2.5-1.diff.gz
15ce906b026e9bb7d89a4c9dd600e28d 346322 web optional acidbase_1.2.5-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEjvmKsandgtyBSwkRAhSVAJ46v7d4R2rcEEMNf+YoI26PdkVpDACfdtKL
d9OHPfMIsMKT1oNU4OeTlf4=
=YUKe
-----END PGP SIGNATURE-----
Accepted:
acidbase_1.2.5-1.diff.gz
to pool/main/a/acidbase/acidbase_1.2.5-1.diff.gz
acidbase_1.2.5-1.dsc
to pool/main/a/acidbase/acidbase_1.2.5-1.dsc
acidbase_1.2.5-1_all.deb
to pool/main/a/acidbase/acidbase_1.2.5-1_all.deb
acidbase_1.2.5.orig.tar.gz
to pool/main/a/acidbase/acidbase_1.2.5.orig.tar.gz