Accepted bugzilla 2.22.1-1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 4 Nov 2006 01:10:20 +0100
Source: bugzilla
Binary: bugzilla bugzilla-doc
Architecture: source all
Version: 2.22.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Webapps Team <webapps-common-packages@lists.alioth.debian.org>
Changed-By: Alexis Sukrieh <sukria@debian.org>
Description:
bugzilla - web-based bug tracking system
bugzilla-doc - comprehensive guide to Bugzilla
Changes:
bugzilla (2.22.1-1) unstable; urgency=high
.
* New upstream release (2.22.1) fixes several security issues (hence the
high priority)
+ CVE-2006-5455:
Cross-site request forgery (CSRF) vulnerability in `editversions.cgi'.
+ CVE-2006-5454:
Previous versions allow remote attackers to obtain the description
of arbitrary attachments.
+ CVE-2006-5453:
Multiple cross-site scripting (XSS) vulnerabilities.
(bug #395094 now affects only sarge)
* Depends on libtemplate-perl (>= 2.10)
* Depends on libmailtools-perl (>= 1.67)
Files:
885349f926cc017c62cc042fe8bf19bd 772 web optional bugzilla_2.22.1-1.dsc
c5b0baf3d7f7a7bc06d186f8165cd1df 1938535 web optional bugzilla_2.22.1.orig.tar.gz
a1365390a542757d7d56a3a050ec68f0 66653 web optional bugzilla_2.22.1-1.diff.gz
51f2ac74cefb8c55ef27bd07a14700c1 821510 web optional bugzilla_2.22.1-1_all.deb
30dfb1cd2b26ae3a351444e96ff4994f 615188 doc optional bugzilla-doc_2.22.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFS9syRg1L1x7l3TQRAsAgAKCpqZweKDg2OFjxpI/aKIVxSOciIwCfWkqH
FLGQb2RnGd0KgPkeSK/IFmg=
=cW1k
-----END PGP SIGNATURE-----
Accepted:
bugzilla-doc_2.22.1-1_all.deb
to pool/main/b/bugzilla/bugzilla-doc_2.22.1-1_all.deb
bugzilla_2.22.1-1.diff.gz
to pool/main/b/bugzilla/bugzilla_2.22.1-1.diff.gz
bugzilla_2.22.1-1.dsc
to pool/main/b/bugzilla/bugzilla_2.22.1-1.dsc
bugzilla_2.22.1-1_all.deb
to pool/main/b/bugzilla/bugzilla_2.22.1-1_all.deb
bugzilla_2.22.1.orig.tar.gz
to pool/main/b/bugzilla/bugzilla_2.22.1.orig.tar.gz
Reply to: