Re: freeze exception -- bugzilla3 3.6.3.0-1
Bugzilla 3.6.3.0-1 with security fixes pending for unfreeze in
unstable since today.
Greetings,
Raphael
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 15 Nov 2010 10:09:20 +0100
Source: bugzilla
Binary: bugzilla3 bugzilla3-doc
Architecture: source all
Version: 3.6.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Raphael Bossek <bossekr@debian.org>
Changed-By: Raphael Bossek <bossekr@debian.org>
Description:
bugzilla3 - web-based bug tracking system
bugzilla3-doc - comprehensive guide to Bugzilla
Closes: 602420
Changes:
bugzilla (3.6.3.0-1) unstable; urgency=medium
.
* New upstream release. Closes: #602420
* Fixed vulnerability CVE-2010-3172:
By inserting a certain string into a URL, it was possible
to inject both headers and content to any browser that
supported "Server Push" (mostly only Gecko-based browsers
like Firefox). This could lead to Cross-Site Scripting
vulnerabilities, and possibly other more dangerous security
issues as well.
* Fixed vulnerability CVE-2010-3764:
The Old Charts system generated graphs with
predictable names into the "graphs/" directory,
which also could be browsed to see its contents.
This allowed unauthorized users to see product
names and charted information about those
products over time.
* Fixed references to YUI components used by language templates.
* Fixed missing images.
* Surrpress error messages at installation stage.
Checksums-Sha1:
d77d70e1ec20b7ac80eabf26d4bf133ced458fba 1162 bugzilla_3.6.3.0-1.dsc
0b4fa7cff9dd5ce5aaf644bf73c4bd2946e79dd1 4438817 bugzilla_3.6.3.0.orig.tar.gz
3856d2b2a7e63979adce26453caece156b9ec8d0 99404 bugzilla_3.6.3.0-1.debian.tar.gz
2db2cfe7e85e0885c3f9affd41738a14524520ff 3043686 bugzilla3_3.6.3.0-1_all.deb
481a345d3ae43971148f35d7dcd8fea6b294d853 1418858
bugzilla3-doc_3.6.3.0-1_all.deb
Checksums-Sha256:
d7f068cc9dceba80d42a71c13ef6de8414678aa690c1055d5a07c3908c5dbd62 1162
bugzilla_3.6.3.0-1.dsc
85bf47de333b51e08223ac4a09529abd11e4a649c06ab9a10b5b02edc60817c4
4438817 bugzilla_3.6.3.0.orig.tar.gz
b3b921a2c05c3393fc5a766262c89dc206754429dd1e0d6a24e5f5d3cc269e56
99404 bugzilla_3.6.3.0-1.debian.tar.gz
d796eb7086de85ae42a20898c4799d376cc86dc4bffe27d5a9b6164114c9330e
3043686 bugzilla3_3.6.3.0-1_all.deb
cb75ad3bd91333590fcda13e9e09cfc4ae0b8ba0145bbaca1b80d0e92434700a
1418858 bugzilla3-doc_3.6.3.0-1_all.deb
Files:
bf631a0414a165adc549bce46b96cd39 1162 web optional bugzilla_3.6.3.0-1.dsc
f40946783c7ba2eeef36f1e3ab6c67ae 4438817 web optional
bugzilla_3.6.3.0.orig.tar.gz
47b5112962d0cc5ce1246946d0ad395b 99404 web optional
bugzilla_3.6.3.0-1.debian.tar.gz
580d2c90c93cfbbf3ed1881cd1ab4f0f 3043686 web optional
bugzilla3_3.6.3.0-1_all.deb
7e1905f851cb72a2a7a95680f103d068 1418858 doc optional
bugzilla3-doc_3.6.3.0-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFM4PnaN2lBq4Nesv8RAgy6AKCL7ViHGRKX11c8s2J8T+xqLrLTsQCeJuJr
/szVc938tepPiMoDOdC3s2I=
=FmTk
-----END PGP SIGNATURE-----
Reply to: