Please sync viewvc 1.1.5-1 (universe) from Debian unstable (main).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/viewvc
 status new
 importance wishlist
 subscribe ubuntu-sponsors

Please sync viewvc 1.1.5-1 (universe) from Debian unstable (main).

Please sync this package as it fixes multiple CVE's

Changelog since current maverick version 1.0.9-1:

viewvc (1.1.5-1) unstable; urgency=medium

  [ John Zaitseff ]
  * New upstream release (closes: #532611, #575777, #575787, #576307). This
    solves CVE-2010-0004, CVE-2010-0005, CVE-2010-0736 and CVE-2010-0132.
  * Extensive rewrite of files in the debian directory. Updated to Debian
    policy 3.8.4, updated all control files to Debhelper 7, rewrote
    debian/rules for clarity (and to use Debhelper 7).
  * Removed all references to Debconf, as previous versions of this
    package violated Debian policy (section 10.7.3): /etc/viewvc/viewvc.conf
    is a conffile, and maintainer scripts must NOT modify it at any time.
  * Reorganised the installation files in /usr/lib/viewvc. The CGI
    programs are now links to files in /usr/lib/viewvc/cgi-bin.
  * Packaged the Apache mod-python modules for optional use (in
    /usr/lib/viewvc/mod-python). See README.Debian for more information.
  * Moved the static help documentation ("docroot") from /usr/share/viewvc
    to /usr/share/viewvc/docroot, as per Webapps Policy, section 3.1.
  * Updated the debian/patches subdirectory to remove patches no longer
    relevant to ViewVC 1.1.x and to update those that still apply.
  * debian/control:
    - Removed the dependency on gawk, as that was only required for Debconf
      configuration.
    - Demoted the dependency on mime-support to "Suggests": ViewVC can use
      it, if appropriately configured, but does not require it.
    - Added a suggestion for the python-tk package: viewvc-standalone(1)
      uses this when passed the "--gui" flag.
    - Modified all dependencies as appropriate. Depend on httpd-cgi, not
      httpd, since the viewvc package needs a CGI server. In addition,
      python-egenix-mxdatetime is no longer needed (since ViewVC 1.0.x).
    - Updated the XS-Python-Version field to "all" (Closes: #570573).
    - ViewVC 1.1.x supports only python-pygments as a syntax highlighter,
      not enscript. Adjusted dependencies as appropriate.

  [ David Martínez Moreno ]
  * Changed history and added the CVE entry to the changelog for 1.0.9-1.
  * debian/control:
    - Moved Section to vcs in order to match the overrides.
    - Make python-dev dependency just python.
    - Removed dummy package viewcvs, it was already dummy in lenny.
  * debian/viewcvs.*: Removed.
  * debian/NEWS: Fixed version in John's entry and removed old news from 0.9.4.
  * debian/README.source: Added.
  * The new release also addresses in a different way how to show long
    annotation messages (closes: #434301).
  * Added debian/patches/92-no_strings_in_raise for fixing a couple of
    occurrences of string exceptions in the code, no longer valid in Python
    2.6, the default now (closes: #585366).

 -- David Martínez Moreno <email address hidden> Fri, 02 Jul 2010 02:24:34 +0200

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwt3UQACgkQUlfC4uPMy3TnvQCgiWDixs26n2zyEn5RZsf0K+CG
i+sAoLyRgXyVR1I7EIGLtX/2nMIaDPAw
=XBvj
-----END PGP SIGNATURE-----