-
web2py (2.12.3-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2016-3957-1.patch: more secure sessions in
cookies using json
- debian/patches/CVE-2016-3957-2.patch: restored pickles in sessions
- debian/patches/CVE-2016-3957-3.patch: fixed sessions for long keys
- CVE-2016-3957
- CVE-2016-3954
- CVE-2016-3953
* SECURITY UPDATE: brute force password attack
- debian/patches/CVE-2016-10321.patch: check if host is denied before
verifying passwords
- CVE-2016-10321
* SECURITY UPDATE: information disclosure
- debian/patches/CVE-2016-3952-1.patch: do not leak global settings into
request object
- debian/patches/CVE-2016-3952-2.patch: adding back cmd_options
- debian/patches/CVE-2016-3952-3.patch: simplified beautify example
- debian/patches/CVE-2016-3952-4.patch: fixing error due to removing
global settings from request
- debian/patches/CVE-2016-3952-5.patch: fixing typo on previous patch
- CVE-2016-3952
-- Emilia Torino <email address hidden> Tue, 18 Jun 2019 14:01:55 -0300
-
web2py (2.12.3-1) unstable; urgency=medium
[ José L. Redrejo Rodríguez]
* Removed gtk patch, no needed now as tk looks good on Gnome
* Added extras directory to the instalation
* Added apache configuration file to examples (Closes: #777696)
* Removed python-support references (Closes: #798479)
* Bump Standards-Version to 3.9.6 (no changes needed)
[ Raphael Lechner ]
* New upstream release (Closes: #689658, #772360)
* Refreshed patches
* Add version patch
* Add fix_websocket_messaging patch
-- José L. Redrejo Rodríguez <email address hidden> Sat, 26 Sep 2015 18:56:08 +0200
-
web2py (1.99.7-1) unstable; urgency=low
* New upstream release
* Refreshed gtk_gui and fix_interpreters patches
-- José L. Redrejo Rodríguez <email address hidden> Mon, 12 Mar 2012 12:44:02 +0100
