lp:ubuntu/jaunty-updates/horde3

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/jaunty-updates/horde3

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

17. By Jamie Strandboge

fake sync from Debian

16. By Jamie Strandboge

fake sync from Debian

15. By Gregory Colpart <email address hidden>

* Add information in README.Debian about test.php files: these files should
  not be "allow from all", because test.php includes private information and
  could be unsafe (for example see CVE-2008-4182).
* Include a patch from Horde upstream to fix an IE-only hole in XSS filter
  (See CVE-2008-5917 for more information). (Closes: #512592)
* Include patches from Horde upstream to fix a file inclusion issue in
  Horde_Image driver name (Image/Image.php) and an unescaped output in
  the tag cloud block (services/portal/cloud_search.php). (Closes: #513265)

14. By Gregory Colpart <email address hidden>

* New upstream release.
* This version is mainly for fixing two security bugs: unescaped output in
  the MIME library and improve the XSS filter for HTML (See CVE-2008-3823 for
  more information). (Closes: #499579)
* Add changelog entry with CVE ID in changelog for 3.2.1+debian0-1.
* Fix misspelling in Recommends: field. (Closes: #499001)
* Improve upgrade path Etch->Lenny with forcing to show diff of
  /etc/horde/horde3/registry.php because all horde components are now
  inactive by default. (Closes: #493885)
* Change Gregory Colpart's email address in debian/control file.

13. By Gregory Colpart (evolix)

* New upstream release.
* This new version has major changes compared to the previous version: an
  alarm system that can send email, generate inline notifications, and play
  sounds for events in any Horde application; support for read and write
  databases; operation when the database is down; many performance
  improvements, several slick new themes; WCAG 1.0 Priority 2/Section 508
  accessibility guidelines compliance; full Kolab webclient support; many
  improvements in the JavaScript and user interface; a new tree view for
  Help along with keyword search; support for memcache clustering; and many,
  many bug fixes and small enhancements.
* With this new version: removal of backported patch for correcting invalid
  entities in es_ES (#461400) and manual merge for
  config/mime_drivers.php.dist and config.conf.xml for keeping Debian
  specific patches.
* Thanks to Mathieu Parent <email address hidden> for his help/patches for
  this package.
* Repack upstream source to remove fckeditor, tinymce and scriptaculous
  (size of upstream source is now 7 Mo instead of 8 Mo).
* Added a check in debian/rules to make sure that those external libs are not
  in the orig.tar.gz
* A lot of improvements in debian/copyright file.
* Some adjustments in debian/rules: remove exec rights for xml/png/gif/css/
  js/jpg/html/htm files, no more need to remove empty directories and copy
  CREDITS file.
* Link some *.js files with libjs-scriptaculous package.
* Link editors (tinymce and fckeditor) with tinymce2 and fckeditor packages.
* Add unrtf and libwpd-tools in "Suggests" field.
* Add patch to keep PAM authentication compatible with the previous
  version (and with php5-auth-pam package). Add php5-auth-pam to Suggests:
  field.
* Update to standards version 3.8.0, no further required changes.

12. By Gregory Colpart (evolix)

* New upstream release.
* This new version has security fix: fix arbitrary file inclusion through
  abuse of the theme preference (see CVE-2008-1284 for more information).
  (Closes: #470640)
* Fix typo in debian/rules comments.
* Add php-net-imap package in "Suggests" field. (Closes: #470283)
* Add libgeoip1 package in "Suggests" field. (Closes: #376935)

11. By Gregory Colpart (evolix)

* New upstream release.
* This new version has security fixes: privilege escalation in the Horde
  API and XSS vulnerabilities (see CVE-2007-6018 for more information).
  (Closes: #461131)
* This new version fixes also translation error in it_IT locale
  (Closes: #459555)
* Import fix from Horde CVS to correct invalid entities in es_ES
  translation (thanks to Adrian Santos Marrero <email address hidden>)
  (Closes: #461400)
* Update to standards version 3.7.3, no further required changes.
* Use now Vcs-* fields in debian/control.
* Remove empty directories which cause lintian warnings.
* Bump debhelper compat level to 5.
* Add Homepage field.

10. By Gregory Colpart (evolix)

* New upstream release.
* Transition to PHP5 for Recommends and Suggests fields. (Closes: #432237)
* Remove old phpapi-* from Depends: (Closes: #420644)
* Clean Depends, Recommends and Suggests fields.
* Remove exec right for XML files in debian/rules.
* Add locales in Recommends.
* Disable upstream _detect_webroot() function (unsable in Debian).
* Fix XSS vulnerability. See CVE-2007-1473 for more information.
  (Closes: #434045)

9. By Ola Lundqvist

Changed webroot from /horde to /horde3, especially regarding cookie
handling, closes: #391493.

8. By Ola Lundqvist

Correction for arbitrary file deletion vulnerability,
closes: #415116. Thanks to Paul TBBle Hampson <email address hidden>
for providing the patch.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/horde3