Branches for Squeeze

Name Status Last Modified Last Commit
lp:debian/squeeze/mahara 1 Development 2012-12-27 10:37:23 UTC
22. * SECURITY UPDATE: Fix XSS in paginat...

Author: Melissa Draper
Revision Date: 2012-12-27 10:37:23 UTC

* SECURITY UPDATE: Fix XSS in pagination URL
  - debian/patches/CVE-2012-2253.patch: upstream patch

* SECURITY UPDATE: Disable XML entity parsing to prevent XEE
  - debian/patches/CVE-2012-2239.patch: upstream patch

* SECURITY UPDATE: Multiple cross-site scripting vulnerabilities
  - Content passed to the error message was not escaped
  - Escape pieform errors displayed to users
  - debian/patches/CVE-2012-2243-0001.patch: upstream patch
  - XHTML files prone to embedded javascript
  - Prevent uploaded xhtml files from displaying verbatim
  - debian/patches/CVE-2012-2243-0002.patch: upstream patch

* SECURITY UPDATE: Arbitrary file execution via clam path
  - Remove executable bit from existing uploaded files
  - debian/patches/CVE-2012-2244-0001.patch: upstream patch
  - Ensure future files will not be executable
  - debian/patches/CVE-2012-2244-0002.patch: upstream patch
  - Remove direct path option from web configuration
  - debian/patches/CVE-2012-2244-0003.patch: upstream patch

* SECURITY UPDATE: Prevent click-jacking attacks
  - Add a HTTP header of X-Frame-Options to every page
  - debian/patches/CVE-2012-2246.patch: upstream patch

* SECURITY UPDATE: Prevent SVG images being displayed
  - SVG images displayed inline
  - Adds SVG files to the list of files to not display by default
  - debian/patches/CVE-2012-2247.patch: upstream patch
