Branches for Jaunty

Author: Thijs Kinkhorst
Revision Date: 2009-01-19 20:59:17 UTC

[ Thijs Kinkhorst ]
* New upstream release.
* Replace dh_clean -k by dh_prep.

[ Michal Čihař ]
* Better describe steps needed to access phpMyAdmin in README.Debian
  (Closes: #508703).

Author: Marc Deslauriers
Revision Date: 2009-10-26 08:55:07 UTC

* SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
  - debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter special
    characters in db_operations.php and db_structure.php.
  - CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
  (LP: #450505)
  - debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter and
    escape special characters in pdf_pages.php and pmd_pdf.php.
  - CVE-2009-3697
* SECURITY UPDATE: code injection via configuration files (LP: #392324)
  - Previous patch for CVE-2009-1285 was incomplete
  - debian/patches/045-security-CVE-2009-1285-2.dpatch: do not allow user
    to modify php code before saving in setup/frames/config.inc.php and
    setup/config.php.
  - CVE-2009-1285

Author: Marc Deslauriers
Revision Date: 2009-10-26 08:55:07 UTC

* SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
  - debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter special
    characters in db_operations.php and db_structure.php.
  - CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
  (LP: #450505)
  - debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter and
    escape special characters in pdf_pages.php and pmd_pdf.php.
  - CVE-2009-3697
* SECURITY UPDATE: code injection via configuration files (LP: #392324)
  - Previous patch for CVE-2009-1285 was incomplete
  - debian/patches/045-security-CVE-2009-1285-2.dpatch: do not allow user
    to modify php code before saving in setup/frames/config.inc.php and
    setup/config.php.
  - CVE-2009-1285