Branches for Hardy

Author: Romain Beauxis
Revision Date: 2008-01-26 03:26:42 UTC

[ Vincent Bernat ]
* Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
  thanks to Micah Anderson (Closes: #455840). The patch is from
  http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
  provided by Robin Elfrink. It has been modified with some functions
  stolen from Squirrelmail.
* Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).

[ Romain Beauxis ]
* Added DM-Upload-Allowed: yes to control file.
* Moved po-debconf to Build-Dep since it is needed for clean
  target. Thanks to lintian.

Author: Andrew Starr-Bochicchio
Revision Date: 2009-02-19 13:06:58 UTC

* SECURITY UPDATE: denial of service (memory consumption) via
  crafted size parameters that are used to create a large quota
  image - CVE-2008-5620 (LP: #316550)
 - debian/patches/cve-2008-5620.patch
  + Backported from Debian
* SECURITY UPDATE: allows remote attackers to execute arbitrary
  code via crafted input that is processed by the preg_replace
  function with the eval switch. - CVE-2008-56-19 (LP: #316550)
 - debian/patches/cve-2008-5619.patch
  + Backport from Debian.

Author: Andrew Starr-Bochicchio
Revision Date: 2009-02-19 13:06:58 UTC

* SECURITY UPDATE: denial of service (memory consumption) via
  crafted size parameters that are used to create a large quota
  image - CVE-2008-5620 (LP: #316550)
 - debian/patches/cve-2008-5620.patch
  + Backported from Debian
* SECURITY UPDATE: allows remote attackers to execute arbitrary
  code via crafted input that is processed by the preg_replace
  function with the eval switch. - CVE-2008-56-19 (LP: #316550)
 - debian/patches/cve-2008-5619.patch
  + Backport from Debian.