lp:ubuntu/gutsy/elog

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/gutsy/elog

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

8. By Recai Oktas

New upstream release grabbed from Subversion (r1764).

7. By Recai Oktas

* New upstream release grabbed from Subversion (r1754), includes
  fixes for a bunch of security issues[1]:
  + Fixes from Ulf Harnhammar (Debian Security Audit Project):
    - There is some incorrect handling of *printf() calls and format
      strings. This leads to ELOG crashing completely, with the potential
      of executing arbitrary machine code programs, when a user uploads
      and submits as the first attachment in an entry a file called
      "%n%n%n%n" - or similar - which must not be empty.
    - There is a Cross-site Scripting issue when requesting correctly
      named but non-existent files for downloading.
    - There are also Cross-site Scripting issues when creating new
      entries with New. If a document sends data to ELOG where the fields
      Type and Category contain invalid entries with HTML code, the
      resulting error document will print the Type or Category data as-is
      with no quoting.
  + Fixes from OS2A team (credits go to Jayesh KS and Arun Kethipelly):
    - Remote exploitation of a denial of service vulnerability in ELOG's
      elogd server allows attackers to crash the service, thereby
      preventing legitimate access. (Closes: #397875)
  [1] Leaving #392016 open for the reasons stated in that report.

6. By Recai Oktas

* Urgency set to critical because of the security issues.
* New upstream release grabbed from Subversion (r1719).
  + Fix an XSS vulnerability, which occurs when editing a log entry
    in HTML mode. (Closes: #389361)

5. By Recai Oktas

* New upstream release grabbed from Subversion (r1642).
  + Really fix the security issue CVE-2005-4439.
* Sigh! Previous upload has some flaws:
  + Install elcode.js and other resource files. ElCode editor buttons
    should work now (thanks David Prince).
  + debian/update: Modify it to catch this sort of error.
  + Really remove debian/watch.
  + Fix the pbuilder DEBEMAIL field which made the previous upload appear
    as an NMU.
* Add a Debian specific note about the usage of password files in Elog.
* Urgency set to critical for security fix.

4. By Recai Oktaş

* New upstream beta release with the latest changes from CVS (r1.1716).
  + Features a simple markup called ELCode, a special set of tags to
    format an ELOG entry. The ELCode tags are similar to the BBCode
    tags (phpBB), sometimes also referred to as vB code.
* Add Turkish ELOG translation.
* Apply a patch to suppress GCC4-related signedness warnings.
* debian/control:
  + Bump Standards-Version to 3.6.2.
  + Rewrite description; needs a proof-read by a native English speaker.
* debian/copyright: Clarify the copyright.
* debian/rules:
  + Switch to debhelper compat 4.
  + Get rid of multiple dh_installs by using an '.install' file.
  + Remove the redundant INSTALL_PROGRAM logic.

[These issues were pointed out by Marc 'HE' Brockschmidt; thanks Marc!]

3. By Recai Oktaş

* Latest upstream from CVS (r1.674).
  + Includes the fix for a buffer overflow: r1.648.
  + See CVS logs for all changes:
   http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c
* Urgency set to high because of the security issue.
* Remove redundant debian/dirs file.

2. By Recai Oktaş

* Latest upstream from CVS (r1.526). (Closes: #285832, #285834)
* Update elogd(8) and elog(1) for the new options.
* Minor doc fix for elogd.c.

1. By Recai Oktaş

Import upstream version 2.5.5+r1526

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.