Branches for Lenny

Author: Nico Golde
Revision Date: 2011-09-08 19:15:16 UTC

* Non-maintainer upload by the Security Team.
* Fix possible DoS via globa expressions in STAT commands by
  limiting the matching loop (CVE-2011-0762; Closes: #622741).

Author: Nico Golde
Revision Date: 2011-09-05 21:23:52 UTC

* Non-maintainer upload by the Security Team.
* Backport upstream patches to fix several problems of unescaped
  shell commands leading to remote root compromise (Closes: #640028).

Author: Max Bowsher
Revision Date: 2011-08-19 17:17:37 UTC

Merge 2.3.4.

Author: Max Bowsher
Revision Date: 2011-08-19 17:16:49 UTC

Merge 2.3.4.

Author: Julien Cristau
Revision Date: 2011-08-11 15:46:54 UTC

Fix LZW decompression heap corruption (CVE-2011-2895).

Author: Jonathan Wiltshire
Revision Date: 2011-08-10 23:30:04 UTC

* Non-maintainer upload.
* Backport of 0009-fix-symlink-attack:
  Fix a potential symlink attack that could occur if a user
  with no home directory edited and saved the package hierarchy
  definitions. (Closes: #612034)

Author: Florian Weimer
Revision Date: 2011-08-09 20:12:37 UTC

Apply patch from ISC to fix CVE-2011-2748 and CVE-2011-2749.

Author: Thijs Kinkhorst
Revision Date: 2011-08-08 12:25:12 UTC

* Upload to lenny-security.
* Fix regression in patch for CVE-2010-2813 that caused a
  fatal error when logging in with a password which uses
  8 bit characters (closes: #593465). Thanks Micah Anderson
  and Jan Kontze for their debugging help.
* CVE-2011-2023: Messages containing style tags with malicious script
  attributes were being displayed without being fully sanitized.
* CVE-2010-4554: Clickjacking attack wherein the entire application can
  be loaded in a frame that could overlay other elements on top of
  SquirrelMail's user interface and possibly expose private user data
  to an attacker.
* CVE-2010-4555 CVE-2011-2752 CVE-2011-2753: An attacker could use one
  of several small bugs in SquirrelMail to inject malicious script into
  various pages or alter the contents of user preferences.

Author: Florian Weimer
Revision Date: 2011-08-04 19:20:06 UTC

Apply patches from Kai Blin to fix CVE-2011-2522, CVE-2011-2694

Author: Jonathan Wiltshire
Revision Date: 2011-08-03 20:31:43 UTC

* Non-maintainer upload.
* Backport fix for CVE-2011-1920 (symlink attack in bsd.lib.mk
  (Closes: #626673)

Author: Julien Cristau
Revision Date: 2011-08-01 20:24:37 UTC

glx: don't crash in SwapBuffers if we don't have a context
(closes: #603015).

Author: Jonathan Wiltshire
Revision Date: 2011-08-01 15:35:16 UTC

* Non-maintainer upload.
* Fix CVE-2011-XXXX: Insecure use of temporary files in rawlog.c and
  acctproc.c (Closes: #622794)

Author: Vincent Cheng
Revision Date: 2011-07-27 18:29:12 UTC

Patch TEMP-0612033-026F3E: security issue in Conky's "eve" module, which
causes Conky to be vulnerable to rewriting any user file.

Author: Thijs Kinkhorst
Revision Date: 2011-07-26 20:35:42 UTC

* Upload to oldstable to fix security issues.
* CVE-2011-2642: XSS in table Print view.

Author: Moritz
Revision Date: 2011-07-25 16:26:32 UTC

CVE-2011-2696

Author: Jonathan Wiltshire
Revision Date: 2011-07-25 13:40:32 UTC

* Non-maintainer upload.
* Backport security fixes: (Closes: #617606)
  - CVE-2011-1024 Authentication bypass in back-ldap
  - CVE-2011-1081 DoS in modrdn operation

Author: Russ Allbery
Revision Date: 2011-07-22 19:43:05 UTC

SECURITY: Fix vulnerability to a "wrapping attack" that could allow a
remote, unauthenticated attacker to craft messages that can be
successfully verified but contain arbitrary content. This may allow
an attacker to subvert the security of software using OpenSAML and
supply an unauthenticated login identity and data under the guise of a
trusted issuer. (CVE-2011-1411)

Author: Steffen Joeris
Revision Date: 2011-07-20 23:07:03 UTC

* Non-maintainer upload by the security team
* Fix off-by-one error in readrec.c (Closes: #584932)
  Fixes: CVE-2010-1938

Author: Guido Günther
Revision Date: 2011-07-16 21:21:24 UTC

[bb53af0] CVE-2011-2511: Fix integer overflow in VirDomainGetVcpus
(Closes: #633630)

Author: Steffen Joeris
Revision Date: 2011-07-16 11:51:07 UTC

* Non-maintainer uploaid by the security team (Closes: #598582)
* Fix cross-site scripting via the subdir parameter in
  util/icon_browser.php
  Fixes: CVE-2010-3077
* Fix cross-site request forgery via preference forms
  Fixes: CVE-2010-3694

Author: Nobuhiro Iwamatsu
Revision Date: 2011-07-16 05:13:23 UTC

* Apply upstream patch to 1-byte uninitialized memory reference in
  png_format_buffer(). (Closes: #632786, CVE-2011-2501)
* Apply upstream patch to buffer overwrite in png_rgb_to_gray.
  (Closes: #633871, CVE-2011-2690)
* Apply upstream patch to crash in png_default_error due to use of
  NULL Pointer. (Closes: #633871, CVE-2011-2691)
* Apply upstream patch to memory corruption when handling empty sCAL chunks.
  (Closes: #633871, CVE-2011-2692)

Author: Yves-Alexis Perez
Revision Date: 2008-05-18 19:48:41 UTC

* debian/{postinst,prerm} dropped, we don't install any mcs plugin anyway.
* debian/control:
  - remove Martin Loschwitz from Uploaders.

Author: Alan Boudreault
Revision Date: 2011-07-11 23:46:23 UTC

* Fix possible SQL injection in WFS (CVE-2011-2703).
  [http://trac.osgeo.org/mapserver/ticket/3874]
* Fix stack based buffer overflows (CVE-2011-2704).

Author: Russ Allbery
Revision Date: 2011-07-07 11:43:25 UTC

Apply upstream patch to fix buffer overflow when signing or verifying
files with big asymmetric keys. (Closes: #632973, CVE-2011-2516)

Author: Jonathan Wiltshire
Revision Date: 2011-06-29 23:06:32 UTC

* Non-maintainer upload.
* debian/patch-3:
  - fix CVE-2011-0433, a buffer overflow in linetoken() in parseAFM.c
  Closes: #614669

Author: Dominic Hargreaves
Revision Date: 2011-06-26 16:08:47 UTC

[SECURITY] CVE-2010-1447: further Safe.pm fixes for breaking out
of safe compartment using subroutine references (Closes: #631529)

Author: Jay Berkenbilt
Revision Date: 2011-06-24 08:10:22 UTC

Redo CVE-2011-0192 to fix a regression.

Author: Petter Reinholdtsen
Revision Date: 2008-08-12 16:07:50 UTC

* Fix typo in rcS(5), proberly->properly (Closes: #484233). Thanks to
  Julien Danjou for noticing.
* Fix typo in rcS(5), maually->manually (Closes: #493680). Thanks to
  Xr for noticing.
* Modify runlevel detection code in invoke-rc.d to notice the
  difference between runlevels 0 and 6, and the boot runlevel, to
  make it possible to use invoke-rc.d during boot (Closes: 384509).
* Make sure to call restorecon after mounting tmpfs file systems, to
  set SELinux permissions (Closes: #493679). Patch from Russell
  Coker.
* Move responsibility of stopping the splash screen process from
  individual init.d scripts to init.d/rc. This make sure the
  progress calculation reflect reality, and that the splash screen
  is taken down in runlevel 1 (Closes: #431560) and that it stop
  before gdm and kdm (Closes: #422922, #489734).
* Skip error message from checkfs.sh when / is read-only. Patch
  from Mirek Slugen (Closes: #492214).

Author: Ondřej Surý
Revision Date: 2011-06-06 09:14:29 UTC

Fix CVE-2011-1926: STARTTLS plaintext command injection
vulnerability (VU#555316)

Author: maximilian attems
Revision Date: 2011-06-01 10:20:28 UTC

ipconfig: Escape DHCP options. (CVE-2011-1930)

Author: Thijs Kinkhorst
Revision Date: 2011-05-31 21:18:28 UTC

* Non-maintainer upload.
* No-changes rebuild because lenny is now oldstable.

Author: Peter Samuelson
Revision Date: 2011-05-31 11:00:32 UTC

[ Michael Diers ]
* patches/cve-2011-1752: New patch for CVE-2011-1752, fixing a remotely
  triggered crash in mod_dav_svn, delivering baselined WebDAV resources.
* patches/cve-2011-1783: New patch for CVE-2011-1783 and CVE-2011-1921,
  fixing remotely triggered memory exhaustion and a content leak of
  files that are meant to be unreadable.

Author: Fabian Fagerholm
Revision Date: 2009-05-24 12:16:35 UTC

debian/patches/0021_CVE-2009-0688-fix.dpatch, debian/patches/00list:
Backport security fix for CVE-2009-0688 from upstream version 2.1.23.

Author: Dominic Hargreaves
Revision Date: 2011-05-29 10:51:20 UTC

Apply patch from 4.36 fixing various security vulnerabilities
(closes: #627936)

Author: Nico Golde
Revision Date: 2011-05-22 17:04:41 UTC

* Non-maintainer upload by the Security Team.
* Fix billion laughs DoS attack vector against xmpp component
  by completely disabling entity expansion (CVE-2011-1756).

Author: Nico Golde
Revision Date: 2011-05-22 15:25:57 UTC

* Non-maintainer upload by the Security Team.
* Fix billion laughs attack DoS attack vector by disabling entity expansion
  completely (CVE-2011-1753.patch).

Author: Florian Weimer
Revision Date: 2011-05-04 20:43:42 UTC

* Correct permissions on /var/spool/postfix/pid (CVE-2009-2939)
* Fix data injection in TLS handshaking (CVE-2011-0411)
* Don't reuse the SASL handle after authentication failure
  (CVE-2011-1720)

Author: Luciano Bello
Revision Date: 2011-05-02 12:18:06 UTC

* Non-maintainer upload by the Security Team.
* Fix two vulnerabilities in the ZODB ZEO network protocol (closes: #540465)
  - CVE-2009-0668 Arbitrary Python code execution in ZODB ZEO storage
    servers
  - CVE-2009-0669 Authentication bypass in ZODB ZEO storage servers

Author: Moritz Muehlenhoff
Revision Date: 2011-04-24 22:06:14 UTC

CVE-2011-1574

Author: Dominic Hargreaves
Revision Date: 2011-04-14 09:03:25 UTC

* Security fix: fix information leakage in scrips (CVE-2011-1008)
* Multiple security fixes for:
   - Information disclosure via SQL injection (CVE-2011-1686)
   - Information disclosure via search interface (CVE-2011-1687)
   - Information disclosure via directory traversal (CVE-2011-1688)
   - User javascript execution via XSS vulnerability (CVE-2011-1689)
   - Authentication credentials theft (CVE-2011-1690)
   - XSS relating to login credentials

Author: Thijs Kinkhorst
Revision Date: 2011-04-13 11:57:24 UTC

* Non-maintainer upload by the Security Team.
* Apply patch from upstream addressing arbitrary file overwrite
  (CVE-2011-1425, closes: #620560).

Author: Michael Tautschnig
Revision Date: 2009-04-14 16:53:46 UTC

[ Scott Kittermann ]
* Backported change from 0.95 of FLEVEL_DCONF to be able to re-enable
  signatures when security issues have been fixed.
* Security issues addressed in this release (closes: #523016, 522744):
  - [CVE-2008-6680] Fixed division by zero with --detect-broken.
  - [CVE-2009-1270] clamd and clamscan get hung up.

[ Michael Tautschnig ]
* Backported hardening of CLI_ISCONTAINED macros (fixes UPack crash with
  malformed file, #1552)

Author: Sean Finney
Revision Date: 2008-09-01 08:00:56 UTC

* refresh quilt patches to apply with no fuzz/offsets.
* add fglrx driver to compiz-manager whitelist (closes: #495539).

Author: Julien Cristau
Revision Date: 2011-04-06 01:35:43 UTC

xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp case.
Fixes CVE-2011-0465.

Author: Moritz
Revision Date: 2011-04-05 20:47:05 UTC

* CVE-2010-0522 CVE-2010-1441 CVE-2010-1442
* CVE-2010-1443 CVE-2010-3275 CVE-2010-3276
* CVE-2011-0531

Author: Moritz
Revision Date: 2011-03-29 21:24:19 UTC

Rebuild for Lenny being oldstable

Author: Steffen Joeris
Revision Date: 2011-03-27 20:42:56 UTC

* Non-maintainer upload by the security team
* Fix cross-site scripting via the fm parameters (Closes: #598584)
  Fixes: CVE-2010-3695

Author: Y Giridhar Appaji Nag
Revision Date: 2008-09-20 21:01:59 UTC

* Remove /usr/share/doc/elinks from previous install during upgrade
  and link to /usr/share/doc/elinks-data (Closes: #499347)
* Refresh patches (to use git diff instead of diff -Nur) and add
  comments to patches.
* Refresh 04_436817_nostrip.diff for 0.11.4 (it leaves a .orig file
  otherwise)
* Build-Depend on libgpm-dev instead of transitional libgpmg1-dev
* Update Standards-Version to 3.8.0, added a README.source file

Author: Russ Allbery
Revision Date: 2011-02-10 10:17:30 UTC

Reupload to oldstable-security since squeeze has now released.

Author: Raphael Geissert
Revision Date: 2011-03-19 15:23:30 UTC

* Non-maintainer upload by the Security Team.
* Fix CVE-2011-0520: buffer overflow via large number of labels

Author: Willi Mann
Revision Date: 2011-03-03 19:49:55 UTC

* CVE-2011-1018: Remote code execution by combination of
  - Logfile name by attacker's choice (e.g. samba log files) and
  - Missing sanitization of logfile names in system() call.
  - fix by encapsulating logfile names in ' and disallowing '.
    Taken from upstream.
  - closes: #615995

Author: Steve Langasek
Revision Date: 2008-03-08 01:36:09 UTC

* Non-maintainer upload.
* High-urgency upload for RC bugfix.
* Add -DLDAP_DEPRECATED to CFLAGS, to fix compatibility with OpenLDAP
  2.4 on 64-bit architectures. Closes: #463419.

Author: Michael Koch
Revision Date: 2008-05-07 20:03:55 UTC

Added patch to handle old capabilities version in jsvc-unix.c.
Closes: #412690

Author: Fathi Boudra
Revision Date: 2007-10-14 09:20:12 UTC

Initial release. (Closes: #446583)

Author: Arnaud Vandyck
Revision Date: 2006-08-01 12:01:53 UTC

* New upstram (closes: #377064)
* debian/watch: updated to official Apache web site (not a mirror)
* Updated Standards-Version to 3.7.2; split Build-Dep and
  Build-Dep-Indep
* Built with java-gcj-compat-dev and cdbs-ant
* debian/doc-base: added (based on Wolfgang's libcommons-logging-java
  debian/doc-base file)

Author: Daniel Leidert
Revision Date: 2008-10-26 15:13:10 UTC

* debian/compat: Raised to v5.
* debian/control: Vcs fields transition. Added DM-Upload-Allowed.
  (Vcs-Svn): Fixed location.
  (Build-Depends): Raised debhelper to v5.
  (Depends): Moved xml-core to Pre-Depends and increased the version to 0.12
  (closes: #482140).
  (Standards-Version): Raised to 3.7.3.
* debian/rules (debian/docbook-xml.install): Fixed to not put non-existent
  files into the .install file.
  (debian/docbook-xml.xmlcatalogs): Use `sed -i' and do not create a
  temporary file.
* debian/source.lintian-overrides: Added to override
  patch-system-but-direct-changes-in-diff warning, because file creation is
  intended.

Author: Alastair McKinstry
Revision Date: 2006-09-17 20:38:01 UTC

* Move to Standards-Version: 3.7.2. No changes required.
* Move to dehelpher DH_COMPAT=5. No changes required.

Author: Mohammed Sameer
Revision Date: 2008-01-28 01:26:15 UTC

* New upstream release
* debian/control:
 - Upstream changed the homepage again.
 - Added the Homepage control field.
 - s/debian/Debian/ in the description (Thanks lintian!)
* debian/copyright:
 - Changed the download location.
 - Updated upstream email.
 - Modified the copyright years (Added 2008)
 - Include the versions of the licenses (GPL 2.0/LGPL 2.1/MPL 1.1)
 - Updated the LGPL and GPL headers and modified their path on Debian.
* debian/docs:
 - Removed README
 - Added README-{ar,fr,en} and TODO-ar
* debian/rules:
 - use dh_install instead of copying manually
 - Install ChangeLog-ar via dh_installchangelogs
* Added install file for dh_install

Author: Jonas Smedegaard
Revision Date: 2008-06-23 23:57:14 UTC

* New upstream release.
* Unfuzz patches.
* Packaging moved to collab-maint Git at Alioth. Update VCS-* hints.
* Update local cdbs snippets:
  + Update copyright-check.mk to parse licensecheck output using perl:
    + No longer randomly drops newlines
    + More compact hint file (and ordered more like wiki-proposed new
      copyright syntax).
    + No longer ignore files without copyright.
  + Drop wget options broken with recent versions of wget in
    update-tarball.mk.
  + Relax copyright-check to only warn about its discoveries. Closes:
    bug#487060, thanks to Lucas Nussbaum.
  + Update dependency cleanup to strip cdbs 0.4.27 (not 0.4.27-1).
  + Cosmetic updates to README.cdbs-tweaks.
* Update debian/copyright-hints.
* Bump debhelper compatibility level to 6.
* Semi-auto-update debian/control to update build-dependencies:
    DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean

Author: dann frazier
Revision Date: 2010-03-15 11:21:59 UTC

Correct typo in version string

Author: Modestas Vainius
Revision Date: 2008-10-20 14:40:23 UTC

* New upstream bugfix release:
  - Make sure user is properly logged in when handling a torrent post in the
    webgui.
  - Prevent PHP injection attacks in webgui.
  - Update file size in CacheFile::growFile, this fixes a SIGBUS error.
  - Fix bug causing infinite DNS lookups in UDP tracker when lookup fails
    (Closes: #502071).
  - Remove default label text KSqueezedTextLabel in trackerview.
* Disable both 97_fix_target_link_libraries.diff patches.

Author: Thomas Viehmann
Revision Date: 2008-10-13 23:24:41 UTC

* Non-maintainer upload for testing, identical to the the
  unstable 2.8.7dev9-2.1 one.
* fix src/tidy_tls.c X509_get_issuer_name to actually take the issuer
  DN of the present certificate and not hope that it is the same as
  taking the subject DN of the "next" certificate which
  may or may not exist. Closes: #499945
  This is debian/patches/patch-3.

Author: Alexander Sack
Revision Date: 2008-12-02 13:00:00 UTC

* fix enigmail use-agent behaviour for gpg < 2.0 (Closes: #506631)
  - add debian/patches/81_dont_use_agent_before_gpg_2.dpatch
  - update debian/patches/00list.thunderbird

Author: Alexander Wirt
Revision Date: 2008-07-24 20:56:32 UTC

* New upstream release
* Add libmail-dkim-perl (>= 0.31) to suggests (Closes: #487111)
* Fix socketpath in amavisd-release (Closes: #467189)
* Fix TLD check according to rfc2181 (Closes: #463587)
* Clarify FQDN errormessage (Closes: #451804)

Author: Modestas Vainius
Revision Date: 2008-08-11 13:08:48 UTC

* New upstream release.
* Minor updates to konversation.install file (translations).
* Refresh 17_add_extra_version_string.diff patch (STRHACK was removed from
  the final 1.1 release, readd).
* Regenerate 98_buildprep.diff.

Author: Otavio Salvador
Revision Date: 2008-09-21 21:21:13 UTC

[ Updated translations ]
* Arabic (ar.po) by Ossama M. Khayat
* Bosnian (bs.po) by Armin Besirovic
* Welsh (cy.po) by Jonathan Price
* Danish (da.po)
* Hebrew (he.po) by Omer Zak
* Croatian (hr.po) by Josip Rodin
* Latvian (lv.po) by Peteris Krisjanis
* Portuguese (Brazil) (pt_BR.po) by Felipe Augusto van de Wiel (faw)
* Serbian (sr.po) by Veselin Mijušković

Author: Otavio Salvador
Revision Date: 2008-09-21 21:23:10 UTC

[ Updated translations ]
* Arabic (ar.po) by Ossama M. Khayat
* Bosnian (bs.po) by Armin Besirovic
* Welsh (cy.po) by Jonathan Price
* Danish (da.po)
* Hebrew (he.po) by Omer Zak
* Croatian (hr.po) by Josip Rodin
* Latvian (lv.po) by Peteris Krisjanis
* Portuguese (Brazil) (pt_BR.po) by Felipe Augusto van de Wiel (faw)
* Serbian (sr.po) by Veselin Mijušković

Author: Luk Claes
Revision Date: 2006-01-26 20:05:05 UTC

* Non-maintainer upload.
* Add libxt-dev to build-depends (Closes: #347036, #349439).

Author: Samuel Mimram
Revision Date: 2007-09-08 01:49:22 UTC

* New upstream release.
* Removed camlp4 documentation since it is not up-to-date.
* Updated to standards version 3.7.2, no changes needed.
* Updated my email address.

Author: Christian Perrier
Revision Date: 2009-01-09 07:44:00 UTC

Rebuild with fixed Danish translation

Author: David Martínez Moreno
Revision Date: 2004-08-12 11:42:27 UTC

* New upstream release.
* Converted debian/changelog to UTF-8.
* Created debian/compat.
* debian/control:
  - Updated Standards-Version to 3.6.1 (no changes).
  - Converted to UTF-8.
  - Updated Build-Depends to debhelper v4.
  - Fixed short Description to comply with Developers Reference advice.
* debian/copyright:
  - Removed rests of dh_make in upstream's names.
  - Converted to UTF-8.
* debian/rules:
  - Cleaned old comments.
  - Uncommented dh_compress. That was giving lintian errors due to the
    changelog not being compressed.
  - Removed DH_COMPAT.

Author: Hans Öfverbeck
Revision Date: 2005-11-13 18:43:36 UTC

* Updated the address to the fsf in the copyright file.
* Changed character encoding from iso-8859-1 to utf-8 in
  this file and debian/control, closes: bug#338839.
* Updated to Standards-Version 3.6.2 (No changes needed).
* Added "mozilla" and "mozilla-thunderbird" to "Suggests".
* Added URL of upstream homepage in long description.

Author: David Martínez Moreno
Revision Date: 2006-02-03 02:13:40 UTC

* Fixed syntax in Makefile for compatibility with new make. Thanks, Daniel
  Schepler (closes: #350689).
* Acknowledge NMU from Steve (closes: #287422).
* debian/control: Bumped Standards-Version to 3.6.2.2.
* debian/copyright: Updated FSF's address.

Author: Bart Martens
Revision Date: 2007-04-13 18:42:01 UTC

* New upstream release.
* debian/patches/01_add_whitespace.diff: Removed.

Author: Aurelien Jarno
Revision Date: 2006-12-10 14:46:40 UTC

* NMU.
* Urgency set to high due to bug #401566
* Fix a segfault on 64-bit arches. Closes: #401566.
* Remove "Acceuillant" from the list of words. Closes: #321142.
* Add support for GNU/kFreeBSD. Closes: #332998.

Author: Wouter Verhelst
Revision Date: 2011-02-23 19:34:12 UTC

Cherry-pick commit 3ef52043861ab16352d49af89e048ba6339d6df8 from
upstream git repo to fix buffer size check in nbd-server. Closes:
#611187, CVE-2011-0530.

Author: Michael Biebl
Revision Date: 2011-02-23 15:34:21 UTC

* debian/patches/17_CVE-2011-1002.patch
  - Read NULL UDP packets else we end up in an infinite loop using 100% CPU
    and DoS of Avahi. (Closes: #614785, Fixes: CVE-2011-1002)

Author: Marcelo Jorge Vieira
Revision Date: 2011-02-20 22:12:00 UTC

Fixing CVE-2011-0740 (Closes: #611940)

Cross-site scripting (XSS) vulnerability in
scripts/magpie_slashbox.php and scripts/simple_smarty.php

Author: Thijs Kinkhorst
Revision Date: 2011-02-16 21:02:42 UTC

* Upload to lenny-security.
* CVE-2010-3089: cross-site scripting (XSS) vulnerabilities
  which can be exploited by list administrators (Closes: 599833).
* CVE-2011-0707: Cross site scripting in subscriber names.

Author: Devin Carraway
Revision Date: 2007-10-23 01:24:46 UTC

Acknowledge NMU

Author: Jon Marler
Revision Date: 2008-09-14 21:44:10 UTC

Fixed debian/rules to allow build under fakeroot (Closes: #498869)

Author: lamby
Revision Date: 2008-06-07 15:30:16 UTC

* Non-maintainer upload.
* Fix bashism in debian/rules (Closes: #472908)
* debian/control:
  - Use ${binary:Version} relationship instead of ${Source-Version}
  - Bump Standards-Version to 3.8.0

Author: Otavio Salvador
Revision Date: 2009-04-02 22:28:36 UTC

Built against version 2.6.26-6+lenny1 of linux-modules-extra-2.6.

Author: Otavio Salvador
Revision Date: 2009-04-02 22:28:41 UTC

Built against version 2.6.26-6+lenny1 of linux-modules-extra-2.6.

Author: Moritz Muehlenhoff
Revision Date: 2008-08-17 21:58:38 UTC

* Non-maintainer upload.
* Add a patch for 2.6.26 (Closes: #494719)

Author: Otavio Salvador
Revision Date: 2009-04-02 22:28:28 UTC

Built against version 2.6.26-6+lenny1 of linux-modules-extra-2.6.

Author: Otavio Salvador
Revision Date: 2009-04-02 22:28:44 UTC

Built against version 2.6.26-6+lenny1 of linux-modules-extra-2.6.

Author: Otavio Salvador
Revision Date: 2009-04-02 22:27:38 UTC

Built against version 2.6.26-6+lenny1 of linux-modules-extra-2.6.

Author: Otavio Salvador
Revision Date: 2009-04-02 22:27:55 UTC

Built against version 2.6.26-6+lenny1 of linux-modules-extra-2.6.

Author: Otavio Salvador
Revision Date: 2009-04-02 22:27:47 UTC

Built against version 2.6.26-6+lenny1 of linux-modules-extra-2.6.

Author: Otavio Salvador
Revision Date: 2009-04-02 22:27:28 UTC

Built against version 2.6.26-6+lenny1 of linux-modules-extra-2.6.

Author: Otavio Salvador
Revision Date: 2009-04-02 22:28:18 UTC

Built against version 2.6.26-6+lenny1 of linux-modules-extra-2.6.

Author: Filippo Giunchedi
Revision Date: 2006-09-16 22:57:52 UTC

move /usr/lib/firmware to /lib/firmware (Closes: #400040)

Author: Nikita V. Youshchenko
Revision Date: 2008-06-03 23:34:45 UTC

* Removed treelang documentation package since treelang is no longer in
  Debian.
* Mentioned AdaCore copyright on Ada documentation in debian/copyright.
  Closes: #484340.

Author: Nikita V. Youshchenko
Revision Date: 2008-06-03 23:27:43 UTC

* Removed treelang documentation package (since treelang is no longer in
  Debian).
* Mentioned AdaCore copyright on Ada documentation in debian/copyright.
  Closes: #484340.

Author: WanderingVillager
Revision Date: 2008-06-18 09:44:02 UTC

* Documentation snapshot for the Wine 1.0 release.
* Now that the upstream docs repository has finally moved to git, I
  moved the wine-doc packaging to pkg-wine's git repository on alioth.
  Made the pkg-wine-party mailing list the official maintainer of the
  wine-doc package, and myself an uploader.
* Adapted some maintainer scripts from the Wine packaging.
* Added a debian/watch file.
* Changed doc-base section fields from Apps/Emulators to Emulators, to
  comply with current policy.
* Renamed HTML documentation directories to more closely follow
  upstream document naming, and fixed SGML documentation file paths in
  doc-base files.
* Upgraded debhelper compatibility level to 5.
* Moved debhelper from Build-Depends-Indep to Build-Depends.
* Upgraded Standards-Version to 3.7.3.
* Preserve po4a/Makefile in debian/rules clean.

Author: Steve Kemp
Revision Date: 2011-02-11 09:33:09 UTC

* Non-maintainer upload by the security team.
* Fix XSS attack for non-javascript using clients.
  [CVE-2011-0050].

Author: Anibal Monsalve Salazar
Revision Date: 2008-09-04 20:39:42 UTC

* Non-maintainer upload.
* Drop patches for 2.6.16, 2.6.17 and 2.6.18, not in unstable or
  testing any more.
* Add patches for 2.6.24, 2.6.25 and 2.6.26; closes: #494757
  The x86 architecture replaces i386 and x86_64 since 2.6.24-rc1
* Add copyright notices
* Update Changelogs
* Update doc/{slides,kdb_bt.man}
* Standards-Version is 3.8.0
* Add control homepage header

Author: Tomasz (Tomek) Muras
Revision Date: 2011-02-06 00:29:24 UTC

* Upgrade bundled CAS to 1.1.3. Cherry picked commits:
  - 2edb3c6a5c205aed99932a73b2b8d4f6ec262992
  - d2bdcac8a917c132d1c86108943c2c9830f3b5f6
  - d485928c12f6ebfa3d216b6e52918ade24b54bb8
  Addressed vulnerabilities:
  - CVE-2010-2795
  - CVE-2010-2796
  - CVE-2010-3690
  - CVE-2010-3691
  - CVE-2010-3692
* Added note to NEWS about broken user picture - thanks for
  Victor Martinez (closes: #600043)

Author: Stefan Fritsch
Revision Date: 2011-01-30 21:37:49 UTC

* Non-maintainer upload by the Security Team.
* Fix regression: exim -bf no longer works as untrusted user.
  Closes: #611572