Accepted lurker 2.1-2 (source i386)

Tue, 14 Mar 2006 06:30:58 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 14 Mar 2006 13:26:58 +0100
Source: lurker
Binary: lurker
Architecture: source i386
Version: 2.1-2
Distribution: unstable
Urgency: low
Maintainer: Jonas Meurer <[EMAIL PROTECTED]>
Changed-By: Jonas Meurer <[EMAIL PROTECTED]>
Description: 
 lurker     - Archive tool for mailing lists with search engine
Changes: 
 lurker (2.1-2) unstable; urgency=low
 .
   * release 2.1-1 fixed the following security issues:
     - Since the configuration file needs to be specified in the URL and
       lines not understood are exposed in an error message lurker was
       able to display all files that are readable for the www-data user
       and group. (CVE-2006-1062)
     - It is possible for a remote attacker to create or overwrite files
       in any writable directory that is named "mbox". (CVE-2006-1063)
     - Missing input sanitising allows an attacker to inject arbitrary
       web script or HTML. (CVE-2006-1064)
   * rename luker-index-mm to lurker-index-lc. drop support for automatical
     list configuration for new lists. update documentation accordingly.
   * completely rewrite mailman2lurker.pl, rename it to mailman2lurker.
     install mailman2lurker into /usr/bin, provide a manpage.
   * add a note about the delete button in README.Debian.
   * add patches/01_umask.dpatch, which adds the possibility to configure the
     umask for lurker-index and lurker-search in lurker.conf. it fixes also the
     documentation to not suggest to invoke lurker-index via 'sg' any more.
Files: 
 039d62b9573481cca7c67f78671de028 592 mail optional lurker_2.1-2.dsc
 675f26fb019068e116863936c58d73b4 29698 mail optional lurker_2.1-2.diff.gz
 8d51916dad772202fcf76f2c7b3fba36 522442 mail optional lurker_2.1-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEFrfrd6lUs+JfIQIRApugAJsEDcqOsjt8ivSAQjZMOiJkk9VBLgCgoqFG
MMzthHNSLz5yfMaPMTs7S9E=
=y0Ts
-----END PGP SIGNATURE-----


Accepted:
lurker_2.1-2.diff.gz
  to pool/main/l/lurker/lurker_2.1-2.diff.gz
lurker_2.1-2.dsc
  to pool/main/l/lurker/lurker_2.1-2.dsc
lurker_2.1-2_i386.deb
  to pool/main/l/lurker/lurker_2.1-2_i386.deb


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to