lp:debian/lenny/dtc

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/lenny/dtc

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

8. By Thomas Goirand <email address hidden>

* QA upload fixing:
  - Removed old iGlobalWall folder which included unwanted information.
  - Removed sourceless OSX mod_log_sql.so files (Closes: #637469).
  - Fixes lists shell injection issue (Closes: #637477).
  - Sets unix rights to non-world readable for the apache2.conf file,
  since it contains SQL access password (Closes: #637485).
  - Now htmlspecialchars() the output of DNS & MX, preventing a possible
  HTML injection issue (Closes: #637584).
  - Fixes "package installer includes php files in untrusted directories"
  if some package install packages are installed (Closes: #637629, #637630).
  - Adds htmlspecialchars() in the ticket display.
  - Fixes sudo access to chrootuid is giving access to root using the new
  dtc-chroot-wrapper (Closes: #637618).
  - Not using htpasswd -b to create .htpasswd files (Closes: #637537).
  - Checks $_SERVER["addrlink"] input correctly, since it could lead to very
  bad SQL insertion (Closes: #637487).
  - Fixes an SQL injection in package installer (Closes: #637632).
  - Fixes an SQL injection in the draw_user_admin.php (Closes: #637669).

7. By Thomas Goirand <email address hidden>

* Fixes: CVE-2011-0434: SQL injection in bw_per_month.php graph
* Fixes: CVE-2011-0435: Bandwidth information disclosure in bw_per_month.php
  graph.
* Fixes: CVE-2011-0436: Passwords being emailed to the admin in clear text
  (Closes: #614302).
* Fixes: CVE-2011-0437: Removed dangerous SQL old unused code for ssh
  accounts management.

6. By Thomas Goirand

The last debian package was wrongly packaged with a version older than
the 0.29.16 because of some Git mistake (forgot to push before I did the
clone to build the package). This corrects it.

5. By Thomas Goirand

* New upstream release with corrections for Lenny, backported from the master
  branch of the Git, to add corrections and not features as follows:
  - Modify depends: so it uses proftpd-mod-mysql as this is the new package
  for proftpd...
  - Solved the INSERT bug for the Money spent accounting functions.
  - Now the add domain or service link is ALWAYS shown.
  - Fixed a bug if adding a new service with a non-debian VPS.
  - Removed list.dsbl.org from default DNSBL as it's dead.
* Removed all trace of php4 dependency, leaving only dependency to php5. This
  is needed as lintian doesn't see "php5-cli | php4-cli" and yells that
  phpX-cli is missing.
* Removed unused debconf template.

4. By Thomas Goirand

* New upstream release with corrections for Lenny, backported from the master
  branch of the Git, to add corrections and not features as follows:
  - Big problem with the pending payment thing that was setting things as
  validated when they were in fact just pending.
  - the CPU rrd data collection (the rrd call was commented out)
  - the setup of the default index.php & 404 subdomain files
  - sa-wrapper symlink attack vulnerability fix (Closes: #496362)
  - removed the paylog.txt logging
  - [v0.29.8] phpmyadmin blowfish_secret owner change
  - [v0.29.8] Cleaning the spam folder with -mtime instead of -atime
  - [v0.29.8] Added a full Simplified Chinese translation by Wei Cao
  <email address hidden>, including debconf and the software itself
  - [v0.29.8] Removed the "limit 1" when setting the id_client to zero
  when deleting an admin.
  - [v0.29.8] Solved the mysql users & db deletion bug when deleting an
  admin, removed the old mysql manager code that was remaining.
  - [v0.29.8] Needed a global $pro_mysql_pop_table in the spam folder
  cleanup
  - [v0.29.8] Removed a bug when there is no install log at all that was
  preventing the VPS install tab to be displayed
  - [v0.29.8] Some global variables for the vps table names were missing
  in deleteVPS()
  - [v0.29.8] The cron job needed to be modified for gen_named='yes',
  reload_named='yes' when modifying the wildcard DNS thing.
  - [v0.29.8] A Tags: was still there in debian/control, it's now removed.

3. By Thomas Goirand

Changed dependency from libsasl2 to libsasl2-2 (Closes: #420253)

2. By Thomas Goirand

* Added Dutch template by Bart Cornelis (Closes: #416987)
* Added Czech template by Miroslav Kure (Closes: #416938)
* Added French template by Christian Perrier (Closes: #416734)
* Updated the template reviewed by Christian Perrier (Closes: #415231)
  which works for the debian-l10n-english group (Closes: #402657)
* Added Galician debconf template translation for the package thanks to
  Jacobo Tarrio <email address hidden> (Closes: #415629)
* Added Portuguese debconf template translation for the package thanks to
  Ricardo Silva <email address hidden> (Closes: #415814)
* Updated German debconf template translation for the package thanks to
  Cristian Livadaru
* dtc/conf_mysql_change_root is set to false as per default, as the
  previous release didn't close #414484 as written before
* There has never been saveConfig saving to /root, but I'm writing an
  entry in there in order to close this bug (Closes: #414470)

1. By Thomas Goirand

Import upstream version 0.25.3

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/squeeze/dtc