Branches for Lenny

Author: Thomas Goirand
Revision Date: 2011-09-11 05:15:26 UTC

* QA upload fixing:
  - Removed old iGlobalWall folder which included unwanted information.
  - Removed sourceless OSX mod_log_sql.so files (Closes: #637469).
  - Fixes lists shell injection issue (Closes: #637477).
  - Sets unix rights to non-world readable for the apache2.conf file,
  since it contains SQL access password (Closes: #637485).
  - Now htmlspecialchars() the output of DNS & MX, preventing a possible
  HTML injection issue (Closes: #637584).
  - Fixes "package installer includes php files in untrusted directories"
  if some package install packages are installed (Closes: #637629, #637630).
  - Adds htmlspecialchars() in the ticket display.
  - Fixes sudo access to chrootuid is giving access to root using the new
  dtc-chroot-wrapper (Closes: #637618).
  - Not using htpasswd -b to create .htpasswd files (Closes: #637537).
  - Checks $_SERVER["addrlink"] input correctly, since it could lead to very
  bad SQL insertion (Closes: #637487 ).
  - Fixes an SQL injection in package installer (Closes: #637632).
  - Fixes an SQL injection in the draw_user_admin.php (Closes: #637669).