lp:ubuntu/edgy-updates/torrentflux
- Get this branch:
- bzr branch lp:ubuntu/edgy-updates/torrentflux
Recent revisions
- 4. By Cameron Dale
-
* SECURITY UPDATE: merge many security fixes from Debian (LP: #155491)
* Remove the old 05_sanitize_html_entities.dpatch as its fix is
included with many more in 06_sanitize_html_entities.dpatch
* Include many security fixes from Debian's 2.1-7
(the following entries are taken from the Debian changelog)
* Fix minor XSS vulnerability in admin.php, issue CVE-2006-5227
(06_sanitize_html_entities.dpatch)
* Updated 06_sanitize_html_entities.dpatch to fix the security
issue CVE-2006-5451
* Fixed the directory traversal vulnerability, issue CVE-2006-5609
(09_fix_directory_traversal.dpatch)
* Sanitize file inputs, fixes: CVE-2006-6328, CVE-2006-6329,
CVE-2006-6330, CVE-2006-6598 (10_sanitize_file_input.dpatch)
* Add more security fixes
- some missed previously (11_missed_security_fixes.dpatch)
- remote command execution in metaInfo.php, issue
CVE-2006-6331 (12_metaInfo_remote_command.dpatch)
- possible XSS vulnerability due to urldecode, fixes
CVE-2006-6600 (13_possible_xss_vulnerability.dpatch)
- remote command execution in maketorrent.php, fixes
CVE-2006-6599 (14_maketorrent_remote_command.dpatch)
- more possible fixes just to be safe, fixes CVE-2006-6604
(15_additional_possible_fixes.dpatch)
- 3. By Kees Cook
-
* SECURITY UPDATE: Vulnerable to cross-site scripting.
* Add 'debian/patches/05_sanitize_html_entities.dpatch': sanitize User-Agent
and host display in admin.php.
* References
http://www.stevenroddis.com.au/2006/10/06/torrentflux-user-agent-xss-vulnerability/
- 2. By Cameron Dale
-
* New upstream release
* Updated dbconfig-common patch for new config file
* Remove config.php from etc as it is no longer a config file
* Add debconf note about updated config location
* Switch to docbook for man pages
* Add manpages for 2 new programs
* Update control for new release features
* Add dependency on mysql-client (temporarily avoids #353617)
* Use variable substitution in debconf templates (Closes: #360694)
* Add lintian override for postinst-uses-db-input
* Upgrade debhelper compatibility to v5
* Add comments to debhelper files
* Fix watch file to work properly
* Change installed docs
* New patch 03_remove_initial_db_insert
* New patch 04_fix_python_filename_dependence
* Add documentation of the database install
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/torrentflux