Change log for bugzilla package in Debian
| 1 → 28 of 28 results | First • Previous • Next • Last |
| Deleted in squeeze-release (Reason: None provided.) |
bugzilla (3.6.2.0-4.6) stable; urgency=low
* Non-maintainer upload.
* bugzilla3: Add Depends: liburi-perl. URI.pm is used during package
configuration. (Closes: #646837)
-- Andreas Beckmann <email address hidden> Thu, 14 Feb 2013 12:05:40 +0100
| Superseded in squeeze-release |
bugzilla (3.6.2.0-4.5) stable; urgency=low
* Non-maintainer upload.
* Add security patches:
- 87_cve-2011-3657.sh
Tabular and graphical reports, as well as new charts have
a debug mode which displays raw data as plain text. This
text is not correctly escaped and a crafted URL could
use this vulnerability to inject code leading to XSS.
- 88_cve-2011-3667.sh
The User.offer_account_by_email WebService method ignores
the user_can_create_account setting of the authentication
method and generates an email with a token in it which the
user can use to create an account. Depending on the
authentication method being active, this could allow the
user to log in using this account.
Installations where the createemailregexp parameter is
empty are not vulnerable to this issue.
-- Jonathan Wiltshire <email address hidden> Sat, 07 Jan 2012 14:16:43 +0000
| Superseded in squeeze-release |
bugzilla (3.6.2.0-4.2) testing-proposed-updates; urgency=low * Non-maintainer upload. * Support for noninteractive mode in Debconf (Closes: #602738) * Add security patches (Closes: #602420): - 50_cve-2010-3172.sh fixes CVE-2010-3172 - 70_cve-2010-3764.sh fixes CVE-2010-3764 (and remove 50_graphdir.sh) -- Mehdi Dogguy <email address hidden> Sat, 25 Dec 2010 22:25:55 +0100
| Superseded in squeeze-release |
bugzilla (3.6.2.0-4.1) testing-proposed-updates; urgency=low * Non-maintainer upload. * Fix pending l10n issues. Debconf translations: - Czech (Michal Simunek). Closes: #605035 - Dutch (Paul Gevers). Closes: #605617 -- Christian Perrier <email address hidden> Sun, 05 Dec 2010 18:40:16 +0100
bugzilla (3.6.3.0-2) unstable; urgency=medium
* Support for noninteractive mode in Debconf. Closes: #602738
* Added missing package dependency against liburi-perl. Removed non exsiting
package option libgd-noxpm-perl.
* Urgency set to medium because previous version is not accepted for
testing.
* Parallel build for Makefiles is working now.
* Surrpress error messages for non existing template directories if
checksetup fails (in noninteractive mode).
* Extensions are not installed by default. They exist as documentation.
-- Raphael Bossek <email address hidden> Sat, 20 Nov 2010 05:51:25 +0100
bugzilla (3.6.3.0-1) unstable; urgency=medium
* New upstream release. Closes: #602420
* Fixed vulnerability CVE-2010-3172:
By inserting a certain string into a URL, it was possible
to inject both headers and content to any browser that
supported "Server Push" (mostly only Gecko-based browsers
like Firefox). This could lead to Cross-Site Scripting
vulnerabilities, and possibly other more dangerous security
issues as well.
* Fixed vulnerability CVE-2010-3764:
The Old Charts system generated graphs with
predictable names into the "graphs/" directory,
which also could be browsed to see its contents.
This allowed unauthorized users to see product
names and charted information about those
products over time.
* Fixed references to YUI components used by language templates.
* Fixed missing images.
* Surrpress error messages at installation stage.
-- Raphael Bossek <email address hidden> Mon, 15 Nov 2010 10:09:20 +0100
bugzilla (3.6.2.0-4) unstable; urgency=low
* Upgrade from Lenny to Squeeze fixed. Closes: #600170
* Password may contain special charactres. Closes: #594583
* Suppress cron messages for non existing directories. Closes: #595489
* Suppress Germzilla (German translation) version warning.
* [Debconf translation updates]
- Vietnamese (Clytie Siddall) Closes: #598479
-- Raphael Bossek <email address hidden> Wed, 27 Oct 2010 16:41:31 +0200
bugzilla (3.6.2.0-3) unstable; urgency=low
* [Debconf translation updates]
- Spanish (Francisco Javier Cuadrado). Closes: #594766, #595230
- German (Helge Kreutzmann). Closes: #595186
- French (Christian Perrier). Closes: #594929
- Russian (Yuri Kozlov). Closes: #595261
- Czeck (Michal Simunek). Closes: #595277
- Swedish (Martin Bagge). Closes: #595350
- Italian (Vincenzo Campanella).
- Danish (Joe Dalton). Closes: #595383
- Basque (Iñaki Larrañaga Murgoitio).
- Brazilian Portuguese (Adriano Rafael Gomes). Closes: #596436
- Portuguese (Miguel Figueiredo). Closes: #596279
-- Raphael Bossek <email address hidden> Thu, 02 Sep 2010 09:48:42 +0200
bugzilla (3.6.2.0-2) unstable; urgency=low
* Check for Bugzilla password length added; at least 6 characters are
required. LP: #623416
* Fixed build process of Bugzilla package; added missing executable bit for
debian/create-bugzilla-srcdir script. Closes: #593022
* [Debconf translation updates]
- German (Helge Kreutzmann). Closes: #592901
- Czech (Michal Simunek). Closes: #593206
- Russian (Yuri Kozlov). Closes: #593906
- Swedish (Martin Bagge). Closes: #594081
- French (Christian Perrier). Closes: #594308
-- Raphael Bossek <email address hidden> Thu, 26 Aug 2010 07:36:26 +0200
bugzilla (3.6.2.0-1) unstable; urgency=low
* New upstream release. Closes: #592212
* Increased Standards-Version to 3.9.1; no changes.
* Due to tons of bug reports with missconfigured database server environment
I've disabled the DB check at installation time ($db_check=0) and added
more code to handle database connect errors at installation/configuration
time.
LP: #584827, #546954, #584819
* Bugzilla will be disabled if configuration/installation failes.
Closes: #557357
* [Debconf translation updates]
- Czech (Slavko). Closes: #591943
- Swedish (Martin Bagge). Closes: #592036
- Portuguese. Closes: #592160
-- Raphael Bossek <email address hidden> Sun, 08 Aug 2010 15:38:06 +0200
bugzilla (3.4.7.0-3) unstable; urgency=low
* Fixed permissions on /usr/share/perl5/Bugzilla for old installations.
Closes: #571107
* Fixed access rights for /etc/bugzilla3/localconfig. Closes: #571107
* Using database administrator account to run sanitycheck.pl from daily cron
job; maintainer field is not used anymore. Closes: #560140
* [Debconf translation updates]
- Czech (Jan Outrata). Closes: #590084
- Japanese (Hideki Yamane). Closes: #590228
- Portuguese (Miguel Figueiredo). Closes: #590187
-- Raphael Bossek <email address hidden> Tue, 03 Aug 2010 15:17:46 +0200
bugzilla (3.4.7.0-2) unstable; urgency=low
* Add missing package dependency on libdatetime-perl.
Closes: #589914, #589912
* [Debconf translation updates]
- Russian (Yuri Kozlov). Closes: #589336
- French (Christian Perrier). Closes: #589374
- Czech (typo in filename).
- Finnish (typo in filename).
- Japanese (typo in filename).
- Dutch (typo in filename).
- Portuguese (typo in filename).
- Swedish (Martin Bagge). Closes: #589629
- Ukrainian (typo in filename).
- Vietnamese (type in filename).
- German (Helge Kreutzmann). Closes: #589668
-- Raphael Bossek <email address hidden> Sun, 18 Jul 2010 05:23:36 +0200
| Deleted in experimental-release (Reason: None provided.) |
bugzilla (3.6.1.0-0.1) experimental; urgency=low * New upstream release. -- Raphael Bossek <email address hidden> Sun, 18 Jul 2010 22:33:21 +0200
bugzilla (3.4.7.0-1) unstable; urgency=medium * New upstream release. Closes: #544367 LP: #415451 * Security fixes CVE-2010-1204 CVE-2010-0180; set urgency to medium. Closes: #587663 * Fixed typo. Closes: #568110, #576350 * Fixed translations. Closes: #561518, #561517 * Increased Standards-Version to 3.9.0; no changes. * Switch to dpkg-source 3.0 (quilt) format. -- Raphael Bossek <email address hidden> Tue, 13 Jul 2010 14:56:34 +0200
bugzilla (3.2.5.1-3) unstable; urgency=low * Syntax and spelling corrections to the README.Debian file. Closes: #568110 * Typo on bugzilla3.templates and update of translations. Closes: #576350, #561517 -- Raphael Bossek <email address hidden> Tue, 15 Jun 2010 22:46:43 +0200
| Published in lenny-release |
bugzilla (3.0.4.1-2+lenny2) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed SQL injection vulnerability in the Bug.create WebService function
CVE-2009-3165, Closes: #547132
-- Giuseppe Iuculano <email address hidden> Fri, 16 Oct 2009 18:59:23 +0200
bugzilla (3.2.5.1-2) unstable; urgency=low
* Fixed dash compatibility within ../bugzilla3/lib/checksetup.pl.
Closes: #558238
-- Raphael Bossek <email address hidden> Sun, 29 Nov 2009 13:56:03 +0100
bugzilla (3.2.5.1-1) unstable; urgency=low
* Do not change user/group and modes within /etc/cron.daily/bugzilla3. This
scripts are started with www-data user and the files are created with the
same security level. Closes: #556408
* Fixed post-checksetup.d/15restoredpkgstatoverride script. Closes: #557243
* Execute daily /usr/share/bugzilla3/lib/whine.pl.
* Surrpress stdout of whineatnews.pl and whine.pl in cron.daily/bugzilla3.
* If a configuration variable is missing in /etc/bugzilla3/localconfig the
upgrade fails; /etc/bugzilla3/params is not created and checksetup.pl
exit. LP: #419826 Closes: #557289, #538289
* Deconfigure dbcommon-config created database. Closes: #557361
* Added BG langauge pack.
* Scripts exit with error code where an error occured.
* Fixed/Added usage of dbconfig-common prerm scripts.
* Removed obsolate sym-link usr/lib/cgi-bin/bugzilla3/webdot.
-- Raphael Bossek <email address hidden> Tue, 24 Nov 2009 08:41:13 +0100
bugzilla (3.2.5.0-2) unstable; urgency=low
* Restored /usr/share/bugzilla3/debian directory; it's not a file.
Installation of the package from scratch failed.
Closes: #555418
* Improved processing with dbconfig-common in case of missing access rights
to the database. Closes: #532753
* Dependency graph URL fixed. Closes: #555198
* Fixed dependencies on libemail-mime-perl. Closes: #555800
* (Ubuntu) Suppress output of users/passwords. LP: #415500
* (Ubuntu) Installation procedure improved/fixed. LP: #419826
* Debconf translation updates
- Italian (Vincenzo Campanella) Closes: #556093
* Removed unnecessary rewrite rules from README.Debian. Closes: #555306
* Fixed default index.html file with refresh to /bugzilla3/index.cgi
* Add the compleate contrib content to /usr/share/bugzilla3/contrib.
* Removed bugzilla3.copyright & bugzilla3-doc.copyright; uses copyright
[ NEWS.Debian]
* Added /usr/share/doc/bugzilla3/examples/30_unconfiredm_allways.sh script
as an example how to customize bugzilla3 installations.
* Uses dpkg-statoverride for files/directory to give the admin more control
over the access rights of package files. checksetup_nondebian.pl does not
change access rights and modes of files anymore. Please check the
/etc/bugzilla3/post-checksetup.d/10setdefaultdpkgstatoverride and
15restoredpkgstatoverride scripts. Closes: #550085
* Added support for custom templates (and skins); use the
/etc/bugzilla3/template and /etc/bugzilla3/skins directories. The
/etc/bugzilla3/pre-checksetup.d/30copyetcskins and 30copyetctemplate copy
the content to the right locations. LP: #413065
-- Raphael Bossek <email address hidden> Sun, 15 Nov 2009 12:34:09 +0100
bugzilla (3.2.5.0-1) unstable; urgency=medium
* Increased Standards-Version to 3.8.3; no changes.
* Fixed creation of /etc/bugzilla3/localconfig from debconf settings.
* In case where access to database is protected the user/password is revoked
und recreated again; dpkg-reconfigure -phigh bugzilla3.
* Removed dependency against libemail-reply-perl.
* Changed processing of /etc/bugzilla3/localconfig. Closes: #538286
* Fixed usage of skins by moving away from /cgi-bin/bugzilla3/.
Closes: #495107
* Support for new version of Germzilla added. Closes: #522401
* Added support for 2 digit version numbers for uscan. Closes: #539401
* libtemplate-plugin-gd-perl is recomended. Closes: #539440
* Uses Debian's YUI files for security concerns with JavaScript.
Closes: #544987, #544870
* The post-checksetup.d/10permissions script fix directory/file access
rights. Closes: #550045
* Fixed typo in checksetup(_debian).sh script. Closes: #550055
* Include path /usr/share/bugzilla3 added. Closes: #549700
* The localhost mta/smtp/email server have to accept email sending.
Closes: #522455
* Fixed SQL injection vulnerability in the Bug.create WebService function
CVE-2009-3165, Closes: #547132
* Fixed typo in recomends (imagemagick). Closes: #554965
[ NEWS.Debian ]
* The directory /usr/lib/cgi-bin/bugzilla3 moved to
/usr/share/bugzilla3/web. The /usr/share/doc/bugzilla3/examples/basic.conf
file show the changes mandatory for apache2.
This change was required to be able to install bugzilla3 for apache2
out-of-the box with apache2 default setup for /cgi-bin/ directory.
Closes: #520935
* New basic.conf/vh-basic.conf files fix /cgi-bin/ issues with default
apache2 configuration. Closes: #511839
* urlbase (/etc/bugzilla3/param) changed from /cgi-bin/bugzilla3/ to
/bugzilla3/.
* docs_urlbase (/etc/bugzilla3/param) changed from
/docs/bugzilla3-doc/%lang%/html to /doc/bugzilla3-doc/%lang%/html with
changed directory structure within bugzilla3-doc. Closes: #511839
* The directories /etc/bugzilla3/pre-checksetup.d and
/etc/bugzilla3/post-checksetup.d contain executables which are started in
alphanumerical order befor and after checksetup.pl is called. Save your
own scripts which should be executed if checksetup.pl is called, e.g.
while upgrade of the package.
* /usr/share/bugzilla3/lib/sanitycheck.pl added; will be executed daily.
Closes: #550071
-- Raphael Bossek <email address hidden> Fri, 06 Nov 2009 20:47:23 +0100
| Superseded in sid-release |
bugzilla (3.2.4.0-3+nmu1) unstable; urgency=low
* Non-maintainer upload
* Debconf templates and debian/control reviewed by the debian-l10n-
english team as part of the Smith review project. Closes: #541769
* Drop extra text at the end of README.Debian. Closes: #550056
* [Debconf translation updates]
- Swedish (Martin Bagge). Closes: #543407
- Basque (Piarres Beobide). Closes: #543633
- German (Helge Kreutzmann). Closes: #543726
- Portuguese (Miguel Figueiredo). Closes: #544153
- Czech (Jan Outrata). Closes: #544211
- Japanese (Hideki Yamane (Debian-JP)). Closes: #544492
- French (Florentin Duneau). Closes: #544742
- Spanish (Francisco Javier Cuadrado). Closes: #544881
- Ukrainian (Artem Ustinov). Closes: #544952
- Dutch (Paul Gevers). Closes: #545049
- Russian (Yuri Kozlov). Closes: #537924, #545170
- Finnish (Esko Arajärvi). Closes: #545365
- Vietnamese (Clytie Siddall). Closes: #547870
-- Christian Perrier <email address hidden> Mon, 19 Oct 2009 23:10:25 +0200
bugzilla (3.2.4.0-3) unstable; urgency=medium
* Changed processing of Status/Resolution field changes. I hope this
modification is less disturbing for 99% of typical installations.
* Fixed ucf warning. Closes: #521855
* (Ubuntu) Fixed processing of manual checksetup.pl execution.
LP: #398892, #394972, #394846, #367476, #301909, #317963, #313310
* (Ubuntu) Installation of outstanding packages is not supported.
LP: #389962
* (Ubuntu) perl-modules=5.10.0-24 provides the CGI package of version 3.29
which is not enought to bugzilla. For Perl 5.10 version 3.33 of CGI
package is required. LP: #386620
* (Ubuntu) Added cvs and imagepagick to Recommends. LP: #386598
* (Ubuntu) Applied example from Rolf Leggewie for vh-basic.conf. LP: #386608
* (Ubuntu) Restart of apache2 added. LP: #300566
* (Ubuntu) Processing of templates fixed by pre-checksetup.d script.
LP: #302192
* (Ubuntu) The sym-link /usr/share/bugzilla3/web/data ->
/var/lib/bugzilla3/data is valid. LP: #386592
* (Ubuntu) Sendmail support is fixed upstream. LP: #281379
* (Ubuntu) Change file permissions for skins after checksetup.pl call.
LP: #314123
* (Ubuntu) Fixed file permissions in /etc/bugzilla3. LP: #386604
-- Raphael Bossek <email address hidden> Sun, 19 Jul 2009 20:30:16 +0200
bugzilla (3.2.4.0-2) unstable; urgency=medium
* Fixed checksetup.pl script.
* Changed severity to medium for security reasons fixed with new upstream
release.
-- Raphael Bossek <email address hidden> Sun, 19 Jul 2009 12:39:42 +0200
bugzilla (3.2.4.0-1) unstable; urgency=low
* New upstream version. Closes: #528228
* Removed uploaders; nobody else maintains this package.
Closes: #521431, #536122
* Added libmail-sendmail-perl dependency. Closes: #516101
* Change access rights within cron's daily script. Closes: #516135
* Added dependency on an non-existing package libemail-reply-perl. This
package will RFP later but can be build with dh-make-perl in the meantime.
To satisfy the dependencies libemail-mime-creator-perl will be installed
instead and should be removed later. Closes: #528780
* Revert access right /usr/share/bugzilla3/lib and /usr/share/perl5/Bugzilla
to 0775. Closes: #533394
* Removed VirtualHost section from basic.conf. Closes: #511839
* Removed bashishm from debian/rules. Closes: #535373
* Updated Czech translation of bugzilla debconf messages. Closes: #535859
* Spanish debconf template translation for bugzilla. Closes: #515313
* Vietnamese debconf templates translation update. Closes: #509436
* Update to 3.8.2 standard without changes.
-- Raphael Bossek <email address hidden> Fri, 17 Jul 2009 21:52:19 +0200
bugzilla (3.2.0.1-1) unstable; urgency=low
* Debconf templates and debian/control reviewed by the debian-l10n-
english team as part of the Smith review project. Closes: #507533
* [Debconf translation updates]
- German. Closes: #507594
- Swedish. Closes: #506601
- Japanese. Closes: #507773
- Portuguese. Closes: #507813, #508317
- French. Closes: #508164
- Russian. Closes: #508290
- Italian. Closes: #508530
- Basque. Closes: #508892
* Fixed skin support. Closes: #509020
* checksetup.pl is now a wrapper shell script which run-parts
/usr/share/bugzilla3/debian/{pre,post}-checksetup.d directories. Scripts
in those directories take care about the configuration. The configuration
variable webdotbase is preset to the right value. Closes: #494091
* If Status/Resolution filds were modified, checksetup.pl is *not* started
but installation procedure is finished successful. The user have to
restart dpkg-reconfigure bugzilla3 after modified checksetup_nondebian.pl.
* If package is installed from scratch the /etc/apache2/conf.d/bugzilla3 is
sym-linked to /usr/share/doc/bugzilla3/examples/basic.conf. Bugzilla works
out of the box in this case.
* Support for PostgreSQL is missing right now (see bug 511331) but it's
possible right now to install this package without db-config support and do
everthing manually. Closes: #507555
-- Raphael Bossek <email address hidden> Sat, 10 Jan 2009 16:37:54 +0100
| Superseded in sid-release |
bugzilla (3.2.0.0~rc2-1) unstable; urgency=low * Update to new release. -- Raphael Bossek <email address hidden> Wed, 19 Nov 2008 07:51:06 +0100
bugzilla (3.0.5.0-1) unstable; urgency=low * New upstream release. * Fixed processing of dbconfig-common in postrm script. -- Raphael Bossek <email address hidden> Fri, 03 Oct 2008 12:21:22 +0200
| Superseded in lenny-release |
bugzilla (3.0.4.1-2+lenny1) testing-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add upstream patch to 32_importxml.sh to filter out all leading path
data from the filename passed to importxml.pl to prevent directory
traversal attacks (CVE-2008-4437; Closes: #502019).
-- Nico Golde <email address hidden> Tue, 14 Oct 2008 12:12:35 +0200
| 1 → 28 of 28 results | First • Previous • Next • Last |
