-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 29 Sep 2007 17:15:07 +0100
Source: phpwiki
Binary: phpwiki
Architecture: source all
Version: 1.3.14-1
Distribution: unstable
Urgency: high
Maintainer: Matt Brown <mattb@debian.org>
Changed-By: Matt Brown <mattb@debian.org>
Description:
 phpwiki - informal collaborative website manager
Closes: 416796 418571 418577 424607 429201 438785 439104 441390 441936 444201
Changes:
 phpwiki (1.3.14-1) unstable; urgency=low
 .
   * New upstream release 1.3.14
   * Contains fixes for CVE-2007-3193, CVE-2007-2024 and CVE-2007-2025,
     fixed in NMU by Thijs Kinkhorst. Thanks.
   * Remove patches merged upstream
     - 03-dba-open-existing
     - 07-versiondata-base64-decode
     - 08-upgrade-remove-user-table
     - 09-upgrade-sql-syntax-fixes
     - 10-upgrade-password-portable
     - 11-upgrade-sqlite-nopass
   * Drop PHP4 support, add missing libapache2-mod-php5 dependency.
     (Closes: #438785)
   * Add Depend on debconf-2.0 for cdebconf support. (Closes: #441936)
   * Fix debconf template errors. Thanks to Helge Kreutzmann.
     (Closes: #418571)
   * New translations:
     - pt thanks Ricardo Silva (Closes: #416796)
     - de thanks to Helge Kreutzmann (Closes: #418577)
   * Updated es translation thanks to Carlos Galisteo (Closes: #424607)
   * MonoBook theme tested and working OK. (Closes: #444201)
   * Symlink schemas from dbconfig-common directory to documented
     locations. (Closes: #439104)
 .
 phpwiki (1.3.12p3-6.1) unstable; urgency=high
 .
   * NMU by the testing security team, with maintainer approval.
   * CVE-2007-3193: lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when
     the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow
     remote attackers to bypass authentication via an empty password, which
     causes ldap_bind to return true when used with certain LDAP
     implementations. (Closes: #429201)
   * CVE-2007-2024, CVE-2007-2025: Unrestricted file upload vulnerability
     in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1
     allows remote attackers to upload arbitrary PHP files with a double
     extension, as demonstrated by .php.3, which is interpreted by Apache
     as being a valid PHP file. (Closes: #441390)
Files:
 04347ac8719d2738f972d67d4e3171b3 632 web optional phpwiki_1.3.14-1.dsc
 e6f747756c5534a5ba4d3775098997e0 3388499 web optional phpwiki_1.3.14.orig.tar.gz
 54a3ca637dfb2e959274b7b6767e47d1 52505 web optional phpwiki_1.3.14-1.diff.gz
 7b6cc548048a0a20c8e37084ee4e906b 3203712 web optional phpwiki_1.3.14-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG/oXz/pqN2EBUqwgRArDCAJ9C83t4D/nCDENMZyoqIfCcKl4g+wCfeWbT
ejDc30ejG8m2Uw8dDisw0lw=
=Axg9
-----END PGP SIGNATURE-----

Accepted:
phpwiki_1.3.14-1.diff.gz
  to pool/main/p/phpwiki/phpwiki_1.3.14-1.diff.gz
phpwiki_1.3.14-1.dsc
  to pool/main/p/phpwiki/phpwiki_1.3.14-1.dsc
phpwiki_1.3.14-1_all.deb
  to pool/main/p/phpwiki/phpwiki_1.3.14-1_all.deb
phpwiki_1.3.14.orig.tar.gz
  to pool/main/p/phpwiki/phpwiki_1.3.14.orig.tar.gz
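
The double-extension upload issue (CVE-2007-2024, CVE-2007-2025) noted in the changelog above, sketched as an added PHP example; it is not code from PhpWiki or from this upload, and the function names and both extension lists are assumptions. A last-extension blocklist, constructed here for contrast, sits beside a check that inspects every dot-separated extension of the uploaded name.

```php
<?php
// Added example; not PhpWiki's code. Names and extension lists are assumptions.

// Extensions often mapped to a script handler (assumed; match your server config).
const SCRIPT_EXTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phps', 'cgi', 'pl', 'shtml'];
// Attachment types this hypothetical wiki accepts.
const ALLOWED_EXTS = ['png', 'jpg', 'gif', 'pdf', 'txt'];

// Weak check (constructed for contrast): inspects only the last extension,
// so "report.php.3" passes because "3" is not on the blocklist.
function last_extension_blocklist(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, SCRIPT_EXTS, true);
}

// Stricter check: allowlist the final extension and reject the name if any
// other dot-separated component is a script extension.
function upload_name_allowed(string $name): bool
{
    $base = basename(str_replace('\\', '/', $name)); // drop client-supplied path
    if ($base === '' || $base[0] === '.' || strpos($base, "\0") !== false) {
        return false; // empty name, dotfile such as .htaccess, or embedded NUL
    }
    $parts = explode('.', strtolower($base));
    array_shift($parts); // discard the stem; what remains are the extensions
    if ($parts === [] || !in_array(end($parts), ALLOWED_EXTS, true)) {
        return false; // no extension, or final extension not on the allowlist
    }
    foreach ($parts as $ext) {
        if (in_array($ext, SCRIPT_EXTS, true)) {
            return false; // e.g. "report.php.txt": an inner extension is script-mapped
        }
    }
    return true;
}

// Constructed sample names, not taken from any real system.
$samples = ['diagram.png', 'notes.v2.txt', 'report.php.3', 'report.php.txt', 'page.PHP', '.htaccess'];
foreach ($samples as $n) {
    printf("%-16s weak=%-6s strict=%s\n", $n,
        last_extension_blocklist($n) ? 'accept' : 'reject',
        upload_name_allowed($n) ? 'accept' : 'reject');
}
```

Name validation is one layer only; storing uploads under a server-generated name in a directory where script handlers are disabled removes the dependency on getting the extension list right.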