lp:debian/phpbb2
- Get this branch:
- bzr branch lp:debian/phpbb2
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 12. By Thijs Kinkhorst
-
Add --debconf-ok switch to ucf rather than tty redirection,
solving hanging postinst on noninteractive installs. Thanks
James Westby for the patch (Closes: #501258).
- 11. By Thijs Kinkhorst
-
* Selected patches from upstream 2.0.22 for security issues:
* CVE-2006-6421: Cross-site scripting (XSS) vulnerability in the private
message box implementation (Closes: #402140).
* CVE-2006-6841: Cross Site Request Forgery was possible with some forms.
* CVE-2006-6840: Prevent negative start parameter. Exploitability unknown,
but flagged by upstream as a security fix and a harmless change.
* CVE-2006-6839: Improve check for bad redirection targets, exploitability
unknown, but flagged by upstream as a security fix and a harmless change.
(Closes: #402140)
* Added German debconf translation by Matthias Julius (Closes: #404160).
- 10. By Thijs Kinkhorst
-
[ Jeroen van Wolffelaar ]
* Also in comments in apache.conf w.r.t. second board, put the avatar
aliasing before the generic aliasing, because otherwise it won't work.
[ Thijs Kinkhorst ]
* Do not set special permissions on gallery path, it works fine without
write- but needs read permission for avatar display (Closes: #395470).
* Add Security section to README.Debian; also add register_globals off
setting for php5 in apache.conf.
* Add 051_only_show_active_users.diff: do not show users who have registered
but didn't confirm yet / haven't been approved by the admin in the member
list or as the "newest user" (Partially addresses: #391775).
- 9. By Thijs Kinkhorst
-
* Medium urgency upload for low-risk, but still, security bug.
* CVE-2006-4758: patch admin/admin_board.php for file upload
vulnerability by administrator (Closes: #388120).
* Add XS-Vcs-Svn-Url header.
- 8. By Thijs Kinkhorst
-
Fix postrm scripts to work when debconf is not present anymore
(Closes: #388331).
- 7. By Thijs Kinkhorst
-
* New upstream release (Closes: #345359, #375865).
+ Addresses obscure security bug: XSS with onmouseover, only exploitable
with Internet Explorer and Allow HTML on which is highly unrecommended
by this package. (CVE-2005-4357, Closes: #344674, #345359)
+ Obsoletes 027_CVE-2006-1896_admin_cmd_exec.diff.
* Add 019_disable_logintries.diff: skip this new feature since it's
incompatible with the database-layout.
* [JvW] Add to source package disabled patch to enable visual
confirmation for guest posts if visual confirmation is enabled for
registration
http://www.phpbb.com/files/mods/guest_confirmation_1_0_1a.mod
* Add 101_fix_german.diff: fixes for German translation, thanks
Mathias Hasselmann (Closes: #363676).
* Add Dutch translation by myself.
* Checked for standards version 3.7.2, no changes necessary.
* Update my maintainer address.
- 6. By Thijs Kinkhorst
-
* High urgency because of a release critical security bug.
* Fix missing sanitizing of the Font Colour 3 variable in viewtopic.php,
which allowed for PHP code execution by board admins. Found by "noch22".
(Closes: #365533, CVE-2006-1896)
* Add Russian debconf translation, thanks Yuriy Talakan' (Closes: #367155).
- 5. By Jeroen van Wolffelaar
-
* Fix compression of SQL schemas, which broke phpbb2-conf-mysql too
(Closes: #341991)
* Fix upgrade of /usr/share/doc/phpbb2/schemas from dir to symlink by removing
the dir in preinst (Closes: #342081)
* [TK] Russian translation fixes by Alexander Gerasiov (Closes: #336623).
- 4. By Thijs Kinkhorst
-
* Security: Fix cross site scripting in [url] and [img] bbcode
(Closes: #308282)
* Jeroen: Change dependencies to work correctly when only having
libapache-mod-php installed, while remaining to work correctly when only
having 'php4' installed (from woody, then)
- 3. By Jeroen van Wolffelaar
-
* [CAN-2005-0673] Fix cross-site scripting in private message signatures
and in normal posts when users have enabled HTML despite board prohibition,
based on anonymous patch on BugTraq:
http://lists.virus.org/bugtraq-0503/msg00087.html (Closes: #298690)
* In documentation tell that the initial admin user is 'Admin', not 'admin',
as in PostgreSQL this is significant (Closes: #298512)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)