-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 4 Nov 2006 01:10:20 +0100
Source: bugzilla
Binary: bugzilla bugzilla-doc
Architecture: source all
Version: 2.22.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Webapps Team <webapps-common-packages@lists.alioth.debian.org>
Changed-By: Alexis Sukrieh <sukria@debian.org>
Description:
 bugzilla - web-based bug tracking system
 bugzilla-doc - comprehensive guide to Bugzilla
Changes:
 bugzilla (2.22.1-1) unstable; urgency=high
 .
   * New upstream release (2.22.1) fixes several security issues (hence the
     high priority)
     + CVE-2006-5455: Cross-site request forgery (CSRF) vulnerability in
       `editversions.cgi'.
     + CVE-2006-5454: Previous versions allow remote attackers to obtain the
       description of arbitrary attachments.
     + CVE-2006-5453: Multiple cross-site scripting (XSS) vulnerabilities.
       (bug #395094 now affects only sarge)
   * Depends on libtemplate-perl (>= 2.10)
   * Depends on libmailtools-perl (>= 1.67)
Files:
 885349f926cc017c62cc042fe8bf19bd 772 web optional bugzilla_2.22.1-1.dsc
 c5b0baf3d7f7a7bc06d186f8165cd1df 1938535 web optional bugzilla_2.22.1.orig.tar.gz
 a1365390a542757d7d56a3a050ec68f0 66653 web optional bugzilla_2.22.1-1.diff.gz
 51f2ac74cefb8c55ef27bd07a14700c1 821510 web optional bugzilla_2.22.1-1_all.deb
 30dfb1cd2b26ae3a351444e96ff4994f 615188 doc optional bugzilla-doc_2.22.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFS9syRg1L1x7l3TQRAsAgAKCpqZweKDg2OFjxpI/aKIVxSOciIwCfWkqH
FLGQb2RnGd0KgPkeSK/IFmg=
=cW1k
-----END PGP SIGNATURE-----

Accepted:
bugzilla-doc_2.22.1-1_all.deb
  to pool/main/b/bugzilla/bugzilla-doc_2.22.1-1_all.deb
bugzilla_2.22.1-1.diff.gz
  to pool/main/b/bugzilla/bugzilla_2.22.1-1.diff.gz
bugzilla_2.22.1-1.dsc
  to pool/main/b/bugzilla/bugzilla_2.22.1-1.dsc
bugzilla_2.22.1-1_all.deb
  to pool/main/b/bugzilla/bugzilla_2.22.1-1_all.deb
bugzilla_2.22.1.orig.tar.gz
  to pool/main/b/bugzilla/bugzilla_2.22.1.orig.tar.gz