Please sync viewvc 1.1.5-1 (universe) from Debian unstable (main).
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
viewvc (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/viewvc
status new
importance wishlist
subscribe ubuntu-sponsors
Please sync viewvc 1.1.5-1 (universe) from Debian unstable (main).
Please sync this package as it fixes multiple CVE's
Changelog since current maverick version 1.0.9-1:
viewvc (1.1.5-1) unstable; urgency=medium
[ John Zaitseff ]
* New upstream release (closes: #532611, #575777, #575787, #576307). This
solves CVE-2010-0004, CVE-2010-0005, CVE-2010-0736 and CVE-2010-0132.
* Extensive rewrite of files in the debian directory. Updated to Debian
policy 3.8.4, updated all control files to Debhelper 7, rewrote
debian/rules for clarity (and to use Debhelper 7).
* Removed all references to Debconf, as previous versions of this
package violated Debian policy (section 10.7.3): /etc/viewvc/
is a conffile, and maintainer scripts must NOT modify it at any time.
* Reorganised the installation files in /usr/lib/viewvc. The CGI
programs are now links to files in /usr/lib/
* Packaged the Apache mod-python modules for optional use (in
/usr/
* Moved the static help documentation ("docroot") from /usr/share/viewvc
to /usr/share/
* Updated the debian/patches subdirectory to remove patches no longer
relevant to ViewVC 1.1.x and to update those that still apply.
* debian/control:
- Removed the dependency on gawk, as that was only required for Debconf
configura
- Demoted the dependency on mime-support to "Suggests": ViewVC can use
it, if appropriately configured, but does not require it.
- Added a suggestion for the python-tk package: viewvc-
uses this when passed the "--gui" flag.
- Modified all dependencies as appropriate. Depend on httpd-cgi, not
httpd, since the viewvc package needs a CGI server. In addition,
python-
- Updated the XS-Python-Version field to "all" (Closes: #570573).
- ViewVC 1.1.x supports only python-pygments as a syntax highlighter,
not enscript. Adjusted dependencies as appropriate.
[ David MartÃnez Moreno ]
* Changed history and added the CVE entry to the changelog for 1.0.9-1.
* debian/control:
- Moved Section to vcs in order to match the overrides.
- Make python-dev dependency just python.
- Removed dummy package viewcvs, it was already dummy in lenny.
* debian/viewcvs.*: Removed.
* debian/NEWS: Fixed version in John's entry and removed old news from 0.9.4.
* debian/
* The new release also addresses in a different way how to show long
annotation messages (closes: #434301).
* Added debian/
occurrences of string exceptions in the code, no longer valid in Python
2.6, the default now (closes: #585366).
-- David MartÃnez Moreno <email address hidden> Fri, 02 Jul 2010 02:24:34 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkw
i+sAoLyRgXyVR1I
=XBvj
-----END PGP SIGNATURE-----
ACKed. Thanks for your contribution.