On Mon, Nov 03, 2008 at 10:27:26AM +0100, Evgeni Golov wrote: > Hi, > > attached you find a NMU I've prepared for pixelpost to fix the Security > issue. > It basically stops shipping the Snoopy class but depends on > libphp-snoopy. > > Xavier, any objections that I'll upload it? Or do you want to handle > this on your own.
Hi Evgeni, Thanks for you very quick patch ;-) I'll build the package right now and upload it directly. Thanks again! Cheers, Xavier > > Regards > Evgeni > diff -u pixelpost-1.7.1/debian/changelog pixelpost-1.7.1/debian/changelog > --- pixelpost-1.7.1/debian/changelog > +++ pixelpost-1.7.1/debian/changelog > @@ -1,3 +1,12 @@ > +pixelpost (1.7.1-4.1) unstable; urgency=low > + > + * Non-maintainer upload. > + * Use libphp-snoppy instead of own copy. > + + Closes: #504171 > + + Fixes: CVE-2008-4796 > + > + -- Evgeni Golov <[EMAIL PROTECTED]> Mon, 03 Nov 2008 09:56:08 +0100 > + > pixelpost (1.7.1-4) unstable; urgency=low > > * Swedish debconf template translation added (Closes: #487744). > diff -u pixelpost-1.7.1/debian/rules pixelpost-1.7.1/debian/rules > --- pixelpost-1.7.1/debian/rules > +++ pixelpost-1.7.1/debian/rules > @@ -24,7 +24,7 @@ > dh_testroot > dh_clean -k > dh_installdirs > - dh_install -XCVS > + dh_install -XCVS -XSnoopy.class.php > #commands to create the media directories > install -m 755 -o www-data -g www-data -d $(GVARDIR)/images > install -m 644 -o www-data -g www-data debian/media-index.html > $(GVARDIR)/images/index.html > diff -u pixelpost-1.7.1/debian/links pixelpost-1.7.1/debian/links > --- pixelpost-1.7.1/debian/links > +++ pixelpost-1.7.1/debian/links > @@ -3,0 +4 @@ > +/usr/share/php/libphp-snoopy/Snoopy.class.php > /usr/share/pixelpost/addons/_defensio/libraries/Snoopy.class.php > diff -u pixelpost-1.7.1/debian/control pixelpost-1.7.1/debian/control > --- pixelpost-1.7.1/debian/control > +++ pixelpost-1.7.1/debian/control > @@ -9,7 +9,7 @@ > > Package: pixelpost > Architecture: all > -Depends: apache2 | apache | apache-ssl | apache-perl | httpd, php5 | php4, > php5-mysql | php4-mysql, dbconfig-common > +Depends: apache2 | apache | apache-ssl | apache-perl | httpd, php5 | php4, > php5-mysql | php4-mysql, dbconfig-common, libphp-snoopy (>= 1.2.4-1) > Recommends: virtual-mysql-server > Description: multi-lingual, fully extensible photoblog application > A photoblog is a web application for presenting your photos in a -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
