Please sync php-xajax (0.2.5-4) (universe) from Debian unstable main.

Bug #312882 reported by Bhavani Shankar
Affects              Status         Importance   Assigned to   Milestone
php-xajax (Ubuntu)   Fix Released   Wishlist     Unassigned

Bug Description

Binary package hint: php-xajax

Please sync the latest version from Debian as it fixes a CVE.

Changelog since the current jaunty version:

 php-xajax (0.2.5-4) unstable; urgency=medium

   * Urgency set to medium since it possibly fixes a security bug,
     check debian/patches/fix_cross-site_scripting_CVE-2007-2739.dpatch
     for details.

   * Bump Standards-Version to 3.8.0:
     + debian/control: Added Homepage field.

   * debian/control
     + Added Vcs-Svn and Vcs-Browser fields.
     + Updated project homepage.

   * Add dpatch support:
     + debian/control: added dpatch build-dependency
     + debian/rules: added patch/unpatch targets in clean/build
       and include dpatch.make
     + debian/patches/fix_undefined_variable_sresponse.dpatch:
       included previous fixes (0.2.5-2 and 0.2.5-3) as a patch
     + debian/patches/fix_cross-site_scripting_CVE-2007-2739.dpatch:
       Fix properly cross-site scripting in URL input using htmlspecialchars
       This fixes CVE-2007-2739 and Closes: #509024.
     + debian/patches/00list: created and included previous patches

   * debian/rules: Link examples to /usr/share/doc/php-xajax/examples
     and tests to /usr/share/php/tests/xajax (Closes: #391615).
     They are still under /usr/share/php/xajax in order to be ready
     to run out of the box.

   * debian/README.Debian: mention the presence of examples and tests in
     the package and the way to access them.

 -- David Gil <email address hidden> Thu, 25 Dec 2008 13:20:09 +0100

Bhavani Shankar (bhavi) wrote :
Steve Stalcup (vorian)
Changed in php-xajax:
assignee: nobody → vorian
importance: Undecided → Wishlist
status: New → In Progress
Steve Stalcup (vorian) wrote :

ACK'd

Changed in php-xajax:
assignee: vorian → nobody
status: In Progress → Confirmed
Steve Kowalik (stevenk) wrote :

[Updating] php-xajax (0.2.5-3 [Ubuntu] < 0.2.5-4 [Debian])
 * Trying to add php-xajax...
  - <php-xajax_0.2.5-4.dsc: downloading from http://ftp.debian.org/debian/>
  - <php-xajax_0.2.5-4.diff.gz: downloading from http://ftp.debian.org/debian/>
  - <php-xajax_0.2.5.orig.tar.gz: already in distro - downloading from librarian>
I: php-xajax [universe] -> php-xajax_0.2.5-3 [universe].

Changed in php-xajax:
status: Confirmed → Fix Released