-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 17 Mar 2003 20:12:07 +0100 Source: bonsai Binary: bonsai Architecture: source i386 Version: 1.3+cvs20020224-1woody1 Distribution: unstable Urgency: low Maintainer: Rémi Perrot <rperrot@debian.org> Changed-By: Rémi Perrot <rperrot@debian.org> Description: bonsai - The famous Mozilla CVS query tool by web interface Changes: bonsai (1.3+cvs20020224-1woody1) unstable; urgency=low . * Fix security bug that allow remote execution of command as www-data user (see #142317 upstream bug). * Fix security bug that cause absolute path disclosure (see #187230 upstream bug). * Fix security bug that makes Bonsai vulnerable to cross-site scripting attacks (see #146244 and #163573 upstream bug). * Access to parameters page isn't any more allowed without password (see #45579 upstream bug) Files: 18c1aef51bd3415f3a41fb2f231c2b8d 727 web extra bonsai_1.3+cvs20020224-1woody1.dsc 3181f4965555a31773a75c4e41dfb32c 53131 web extra bonsai_1.3+cvs20020224-1woody1.diff.gz 978aa8e6677174a2fed40cbac1525888 154104 web extra bonsai_1.3+cvs20020224-1woody1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Pour information voir http://www.gnupg.org iD8DBQE+djhgRo2b307WK/4RAqz6AJ4jbvYM5ktWvN7nd8OVoInhNCElSQCeKhPF IYyl7kBuv9Y/IRpz2uit9aI= =8ksl -----END PGP SIGNATURE----- Accepted: bonsai_1.3+cvs20020224-1woody1.diff.gz to pool/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1.diff.gz bonsai_1.3+cvs20020224-1woody1.dsc to pool/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1.dsc bonsai_1.3+cvs20020224-1woody1_i386.deb to pool/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_i386.deb -- To UNSUBSCRIBE, email to debian-devel-changes-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org