acidbase (1.2.7-2) unstable; urgency=high
* Urgency high, prevents this package from being removed from sid and
fixes an RC bug.
* Remove the dependency on php-image-color (Closes: #402406)
- remove the link from base_main.php to base_graph_main.php
- do not include base_graph_form.php in base_main.php
- modify base_graph_common.php so that it does not complain so loudly when
Image/Graph is not found. Just say that the functionality is currently
not available in Debian (due to license issues, point to the Bug
report) and say that users that need it will have to install the PEAR
modules.
- document in NEWS.Debian why the graphs have been removed and when
they will be reenabled in the front page.
* Workaround for the name change in dbconfig-common, the base_conf.php
script will substitute 'pgsql' with 'postgres'. This makes it possible
to set up a PostgreSQL configuration properly. (Closes: #402868)
* Introduce a space before the Homepage
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 14 Dec 2006 12:00:32 +0000
-
acidbase (1.2.7-1) unstable; urgency=high
* New upstream release.
[ David Gil ]
* Depend on all database clients supported by the package until a better
solution is adopted. See bugs #353617,#398634 for the discussion.
Thanks to Lucas Nussbaum, Andreas Henriksson, Steinar H. Gunderson and
Sean Finney for their work on this. (Closes: #398619)
* Updated French debconf template translation (Closes: #395055).
* RC bug fixed, urgency high.
[ Javier Fernandez-Sanguino ]
* Remove extra space in debian/control before the Homepage
* Add the license and author of the new contrib modules (for using
snort unified files) included in this base release in debian/copyright
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 27 Nov 2006 07:48:57 +0000
-
acidbase (1.2.6-1) unstable; urgency=low
* New upstream release.
* Acknowledge NMU, thanks to Steinar H. Gunderson (Closes: #389544).
* Updated translations:
- debian/templates: Don't mark all choices as translatable.
Applied a patch from Thomas Huriaux, thanks! (Closes: #377636)
- debian/po/sv.po: Updated Swedish debconf translation.
Thanks to Daniel Nylander (Closes: #375746).
- debian/po/es.po: Updated Spanish debconf translation.
- debian/po/cs.po: Updated Czech debconf translation.
Thanks to Miroslav Kure (Closes: #389202).
(This was applied in the last NMU but not commented in the changelog)
* debian/control: Add extra space before Homepage at package description.
acidbase (1.2.5-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Make config and postrm scripts check for the existence of dbconfig-common
before attempting to use it. (Closes: #388219)
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 07 Nov 2006 00:47:55 +0000
-
acidbase (1.2.5-1) unstable; urgency=high
* New upstream release, which includes the following security improvements:
+ Added XSSPrintSafe() (array safe htmlspecialchars() function) and made
filterSql() use ADOdb qmagic()
+ Filtered all unfiltered (mainly auth system stuff) $_POST and $_GET
variables using filterSql()
+ Sanitized all $_SERVER variables to be protected against XSS attacks
These improvements fix the following security bugs:
+ Cross-site scripting (XSS) vulnerability (CVE-2006-1590)
(Closes: #363548).
+ Remote File Inclusion Vulnerabilities (CVE-2006-2685)
(Closes: #370576).
* debian/patches/02_update_external_links.dpatch : updated.
* Applied part of the patch from Paul Wise <email address hidden>:
+ Remove short description from long description
+ Update copyright file with more information
* Bump Standards-Version to 3.7.2 (no policy-related changes needed).
* Fix an annoying dbconfig-common error: Add dbc_dbtypes variable in
maintainer scripts, not only in config file.
This is related to bug #372948 (dbconfig-common: can not determine the
database type).
* Remove ucf file under /etc/acidbase on package purge.
acidbase (1.2.4-1) unstable; urgency=high
* New upstream release, which fixes many bugs including the following security bug:
- base_maintenance.php in BASE before 1.2.4 (melissa), when running in
standalone mode, allows remote attackers to bypass authentication,
possibly by setting the standalone parameter to "yes".
This fixes CVE-2006-1505 (Closes: #361139.)
* Added patch to fix a warning replacing strings in CleanVariable:
- debian/patches/03_fix_warning_in_CleanVariable.dpatch: added.
- debian/patches/00list: updated.
* Now base_conf.php has all its strings quoted with ' instead of ":
- debian/patches/01_default_config.dpatch: updated.
- debian/patches/02_update_external_links.dpatch: updated.
[ Javier Fernandez-Sanguino ]
* Po-debconf translation updates:
- Swedish by Daniel Nylander (Closes: #348881)
- Portuguese by Miguel Figueiredo (Closes: #349597)
- French by "Steve" (Closes: #351230, #366432)
acidbase (1.2.2-1) unstable; urgency=low
* New upstream release:
+ Fixed issue with signature names (Closes: #352246).
+ Fixed auto-refresh ignored for stat pages.
+ Fixed Sort order issues.
+ Added Portscan Information.
* First attempt at dbconfig-common support (Closes: #350376).
* Some templates have been rewritten in order to follow the developers
reference (Closes: #344052).
* patches/04_fix_sql_injection.dpatch: dropped, included upstream.
[ Javier Fernandez-Sanguino ]
* Update Spanish po-debconf translation
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 15 Jun 2006 14:02:11 +0100