lp:ubuntu/hardy-security/roundcube
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/roundcube
Branch merges
Branch information
Recent revisions
- 9. By Andrew Starr-Bochicchio
-
* SECURITY UPDATE: denial of service (memory consumption) via
crafted size parameters that are used to create a large quota
image - CVE-2008-5620 (LP: #316550)
- debian/patches/ cve-2008- 5620.patch
+ Backported from Debian
* SECURITY UPDATE: allows remote attackers to execute arbitrary
code via crafted input that is processed by the preg_replace
function with the eval switch. - CVE-2008-56-19 (LP: #316550)
- debian/patches/ cve-2008- 5619.patch
+ Backport from Debian. - 8. By Romain Beauxis
-
[ Vincent Bernat ]
* Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
thanks to Micah Anderson (Closes: #455840). The patch is from
http://lists.roundcube .net/mail- archive/ dev/2007- 12/0000038. html and
provided by Robin Elfrink. It has been modified with some functions
stolen from Squirrelmail.
* Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).[ Romain Beauxis ]
* Added DM-Upload-Allowed: yes to control file.
* Moved po-debconf to Build-Dep since it is needed for clean
target. Thanks to lintian. - 7. By Romain Beauxis
-
* Thightened dependencies for a safe upgrade
* Finally removed any circular dependency, -db packages no longer pull
a full roundcube install - 6. By Vincent Bernat
-
* New upstream, thanks to Nicolas Stransky (Closes: #447503). This
release support tinymce as HTML editor. Look at README.Debian for more
information.
* Update Galician debconf template, thanks to Jacobo Tarrio (Closes: #447943). - 5. By Vincent Bernat
-
* In respect to policy 12.3, do not put main.inc.php.dist in
/usr/share/doc, thanks to Jonas Smedegaard (Closes: #446502).
* Update German and French debconf templates, thanks to Christian
Perrier (Closes: #446458) and Helge Kreutzmann (Closes: #446532). - 4. By Romain Beauxis
-
* Removed custom unix_timestamp for sqlite: solved upstream
* Debconf templates and debian/control reviewed by the debian-l10n-
english team as part of the Smith review project.
Closes: #426086, #427546, #427546
* Debconf translation updates:
- Galician. Closes: #426140
- Basque. Closes: #426150
- Czech. Closes: #426428
- Portuguese. Closes: #426451
- Arabic. Closes: #427110
- Italian. Closes: #427206
- German. Closes: #427536
- French. Closes: #427736
- Tamil. Closes: #428254
- Russian. Closes: #428364
- Spanish. Closes: #428573 - 3. By Vincent Bernat
-
[ Vincent Bernat ]
* New upstream release
* Update script for sqlite in postinst
[ Romain Beauxis ]
* Fixed dh_link calls
Closes: #423824
* Added custom patch to use php unix timestamp support
with sqlite since UNIX_TIMESTAMP is not supported by sqlite.
* Dropped php4 dependencies - 2. By Vincent Bernat
-
* Fix a security issue by disallowing access to logs.
* First upload to unstable.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/roundcube