dotlrn (2.5.0+dfsg-2) unstable; urgency=high
* Fixed severe vulnerability in the api-browser: it was possible to pass
to the query parameter "path" a relative path, which might contain path
traversals like ../../.. . With these all files with read permissions
can be delivered via the server. Applied Patch:
http://fisheye.openacs.org/changelog/OpenACS/?cs=oacs-5-5:gustafn:20101125091953
* Updated translations:
- Japanease. Closes: #602151
- Vietnamese. Closes: #599609
- Czech. Closes: #599608
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 29 Nov 2010 11:24:37 +0000