Branches for Edgy

Name Status Last Modified Last Commit
lp:ubuntu/edgy/torrentflux 1 Development 2009-07-20 11:46:07 UTC
3. * SECURITY UPDATE: Vulnerable to cros...

Author: Kees Cook
Revision Date: 2006-10-11 14:41:27 UTC

* SECURITY UPDATE: Vulnerable to cross-site scripting.
* Add 'debian/patches/05_sanitize_html_entities.dpatch': sanitize User-Agent
  and host display in admin.php.
* References
  http://www.stevenroddis.com.au/2006/10/06/torrentflux-user-agent-xss-vulnerability/

lp:ubuntu/edgy-security/torrentflux bug 1 Development 2009-07-20 11:48:08 UTC
4. * SECURITY UPDATE: merge many securit...

Author: Cameron Dale
Revision Date: 2007-10-21 14:41:27 UTC

* SECURITY UPDATE: merge many security fixes from Debian (LP: #155491)
* Remove the old 05_sanitize_html_entities.dpatch as its fix is
  included with many more in 06_sanitize_html_entities.dpatch
* Include many security fixes from Debian's 2.1-7
  (the following entries are taken from the Debian changelog)
* Fix minor XSS vulnerability in admin.php, issue CVE-2006-5227
  (06_sanitize_html_entities.dpatch)
* Updated 06_sanitize_html_entities.dpatch to fix the security
  issue CVE-2006-5451
* Fixed the directory traversal vulnerability, issue CVE-2006-5609
  (09_fix_directory_traversal.dpatch)
* Sanitize file inputs, fixes: CVE-2006-6328, CVE-2006-6329,
  CVE-2006-6330, CVE-2006-6598 (10_sanitize_file_input.dpatch)
* Add more security fixes
  - some missed previously (11_missed_security_fixes.dpatch)
  - remote command execution in metaInfo.php, issue
    CVE-2006-6331 (12_metaInfo_remote_command.dpatch)
  - possible XSS vulnerability due to urldecode, fixes
    CVE-2006-6600 (13_possible_xss_vulnerability.dpatch)
  - remote command execution in maketorrent.php, fixes
    CVE-2006-6599 (14_maketorrent_remote_command.dpatch)
  - more possible fixes just to be safe, fixes CVE-2006-6604
    (15_additional_possible_fixes.dpatch)

lp:ubuntu/edgy-updates/torrentflux 1 Development 2009-07-20 11:46:35 UTC
4. * SECURITY UPDATE: merge many securit...

Author: Cameron Dale
Revision Date: 2007-10-21 14:41:27 UTC

* SECURITY UPDATE: merge many security fixes from Debian (LP: #155491)
* Remove the old 05_sanitize_html_entities.dpatch as its fix is
  included with many more in 06_sanitize_html_entities.dpatch
* Include many security fixes from Debian's 2.1-7
  (the following entries are taken from the Debian changelog)
* Fix minor XSS vulnerability in admin.php, issue CVE-2006-5227
  (06_sanitize_html_entities.dpatch)
* Updated 06_sanitize_html_entities.dpatch to fix the security
  issue CVE-2006-5451
* Fixed the directory traversal vulnerability, issue CVE-2006-5609
  (09_fix_directory_traversal.dpatch)
* Sanitize file inputs, fixes: CVE-2006-6328, CVE-2006-6329,
  CVE-2006-6330, CVE-2006-6598 (10_sanitize_file_input.dpatch)
* Add more security fixes
  - some missed previously (11_missed_security_fixes.dpatch)
  - remote command execution in metaInfo.php, issue
    CVE-2006-6331 (12_metaInfo_remote_command.dpatch)
  - possible XSS vulnerability due to urldecode, fixes
    CVE-2006-6600 (13_possible_xss_vulnerability.dpatch)
  - remote command execution in maketorrent.php, fixes
    CVE-2006-6599 (14_maketorrent_remote_command.dpatch)
  - more possible fixes just to be safe, fixes CVE-2006-6604
    (15_additional_possible_fixes.dpatch)
