-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 12 Jun 2006 21:20:37 +0200
Source: acidbase
Binary: acidbase
Architecture: source all
Version: 1.2.5-1
Distribution: unstable
Urgency: high
Maintainer: David Gil <dgil@telefonica.net>
Changed-By: David Gil <dgil@telefonica.net>
Description:
 acidbase - Basic Analysis and Security Engine
Closes: 363548 370576
Changes:
 acidbase (1.2.5-1) unstable; urgency=high
 .
   * New upstream release, which includes the following security improvements:
     + Added XSSPrintSafe() (array safe htmlspecialchars() function) and
       made filterSql() use ADOdb qmagic()
     + Filtered all unfiltered (mainly auth system stuff) $_POST and $_GET
       variables using filterSql()
     + Sanitized all $_SERVER variables to be protected against XSS attacks
     These improvements fix the following security bugs:
     + Cross-site scripting (XSS) vulnerability (CVE-2006-1590)
       (Closes: #363548).
     + Remote File Inclusion Vulnerabilities (CVE-2006-2685)
       (Closes: #370576).
 .
   * debian/patches/02_update_external_links.dpatch : updated.
 .
   * Applied part of the patch from Paul Wise <pabs3@bonedaddy.net>:
     + Remove short description from long description
     + Update copyright file with more information
 .
   * Bump Standards-Version to 3.7.2 (no policy-related changes needed).
 .
   * Fix an annoying dbconfig-common error: Add dbc_dbtypes variable in
     maintainer scripts, not only in config file. This is related to bug
     #372948 (dbconfig-common: can not determine the database type).
 .
   * Remove ucf file under /etc/acidbase on package purge.
Files:
 1627500fb735f4ce19a137031d59c0c3 683 web optional acidbase_1.2.5-1.dsc
 cd6a83df67106ebf9a148d5ac1ec9b8c 335819 web optional acidbase_1.2.5.orig.tar.gz
 3cc7ab0405eaf4e2539f64a175af64f6 14891 web optional acidbase_1.2.5-1.diff.gz
 15ce906b026e9bb7d89a4c9dd600e28d 346322 web optional acidbase_1.2.5-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEjvmKsandgtyBSwkRAhSVAJ46v7d4R2rcEEMNf+YoI26PdkVpDACfdtKL
d9OHPfMIsMKT1oNU4OeTlf4=
=YUKe
-----END PGP SIGNATURE-----


Accepted:
acidbase_1.2.5-1.diff.gz
  to pool/main/a/acidbase/acidbase_1.2.5-1.diff.gz
acidbase_1.2.5-1.dsc
  to pool/main/a/acidbase/acidbase_1.2.5-1.dsc
acidbase_1.2.5-1_all.deb
  to pool/main/a/acidbase/acidbase_1.2.5-1_all.deb
acidbase_1.2.5.orig.tar.gz
  to pool/main/a/acidbase/acidbase_1.2.5.orig.tar.gz