Branches for Precise

Author: Dominic Hargreaves
Revision Date: 2012-01-02 15:05:48 UTC

* Add Recommends on all Apache-related modules; although any one can
  be used to produce a working configuration, installing them all will
  result in less confusion (LP: #769765)
* Restore database disconnection state after successful safe_run_child;
  fixes problems with mod_perl + PostgreSQL + mod_ssl. Thanks to
  Alex Vandiver (Closes: #632129)

Author: Dominic Hargreaves
Revision Date: 2012-06-04 14:17:58 UTC

* Multiple security fixes for:
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Add vulnerable-password and clean-user-txns scripts to accompany
  above fixes, and run in postinst

Author: Dominic Hargreaves
Revision Date: 2012-06-04 14:17:58 UTC

* Multiple security fixes for:
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Add vulnerable-password and clean-user-txns scripts to accompany
  above fixes, and run in postinst