Thanks.
With v7, we have completely removed the library layout
2017-12-03 20:23 GMT+01:00 pitchum :
> Package: dolibarr
> Version: 4.0.2+dfsg4-2
> Severity: important
> Tags: patch
>
> After upgrading from to stretch, module EDM does not work anymore.
> Firefox's webconsole prints this:
> 'TypeEr
Fixed in 6.0.5
2017-12-26 8:00 GMT+01:00 Salvatore Bonaccorso :
> Source: dolibarr
> Version: 3.5.5+dfsg1-1
> Severity: important
> Tags: patch security upstream
>
> Hi,
>
> the following vulnerability was published for dolibarr.
>
> CVE-2017-14242[0]:
> | SQL injection vulnerability in don/list.
Fixed in 6.0.5
2017-12-26 8:11 GMT+01:00 Salvatore Bonaccorso :
> Source: dolibarr
> Version: 3.5.5+dfsg1-1
> Severity: grave
> Tags: patch security upstream
>
> Hi,
>
> the following vulnerabilities were published for dolibarr, filling
> only one bug for the four CVEs since afaict the common set
Fixed in 6.0.5
2017-12-26 8:38 GMT+01:00 Salvatore Bonaccorso :
> Source: dolibarr
> Version: 3.5.5+dfsg1-1
> Severity: grave
> Tags: patch security upstream
>
> Hi,
>
> the following vulnerabilities were published for dolibarr.
>
> CVE-2017-17897[0]:
> | SQL injection vulnerability in comm/multi
Bug was fixed in official version 4.0.6. An upstream must be done to debian
package
2017-05-09 20:27 GMT+02:00 Maximilian Stein :
> Package: dolibarr
> Version: 4.0.2+dfsg4-2
> Severity: normal
>
> Dear Maintainer,
>
> After having added a customer in Dolibarr, I gave this customer an
> absolute
K_TCPDF_CALLS_IN_HTML to false.
+Author: Laurent Destailleur
+Forwarded: not-needed
+Last-Update: 2013-07-29
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/config/tcpdf_config.php
b/config/tcpdf_config.php
+@@ -210,7 +210,7 @@
+ * If true allows to call TCPDF
patch. Non regression tested with success on
package "dolibarr" and "phpmyadmin".
Description: Set default value of K_TCPDF_CALLS_IN_HTML to false.
Author: Laurent Destailleur
Forwarded: not-needed
Last-Update: 2013-07-29
---
This patch header follows DEP-3: http://dep.debian.
Hum strange.
php-xml package is not related to unicode. Don't you install another
package ?
On 20 March 2017 9:03 PM, "Maximilian Stein" wrote:
Package: dolibarr
Version: 4.0.2+dfsg4-2
Severity: normal
Dear Maintainer,
after having installed Dolibarr in a fresh installation, I ran the HTML
The modularization is done to have code cleaner for developer.
It seems useless for end user or a distribution: we can't imagine having
one debian package to build a pdf that include one image and another
package if we want the build a pdf to be able to have a different font and
another package to
On Thu, 5 May 2016 10:20:55 +0200 Ondřej Surý <
ond...@sury.org> wrote:
> Dear maintainer(s),
>
> I am bumping the severity of this bug to serious, as we are going to
> remove src:php5 from Debian and your package is blocking the first
> step which is removal of php5 from testi
21:30:58.0
+0100
@@ -1,3 +1,11 @@
+dolibarr (3.5.5+dfsg1-1+deb8u1) UNRELEASED; urgency=high
+
+ * Fix CVE-2016-1912 (Closes: #812496)
+ * Fix CVE-2015-8685 (Closes: #812449)
+ * Fix CVE-2015-3935 (Closes: #787762)
+
+ -- Laurent Destailleur (eldy) Tue, 08 Sep
2015 15:22:52 +0200
+
dol
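Review bot: The trailer of the new 3.5.5+dfsg1-1+deb8u1 entry is dated Tue, 08 Sep 2015, yet the entry lists CVE-2016-1912 and the changelog timestamp in the diff header is 2016-02-08, so the trailer date should be refreshed when the entry is finalised. The distribution field is still UNRELEASED and has to be set to the target suite before upload. Each "Fix CVE-..." line would also be easier to audit if it named the patch file under debian/patches that carries the fix.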
/changelog 2016-02-08 21:30:58.0
+0100
@@ -1,3 +1,11 @@
+dolibarr (3.5.5+dfsg1-1+deb8u1) UNRELEASED; urgency=high
+
+ * Fix CVE-2016-1912 (Closes: #812496)
+ * Fix CVE-2015-8685 (Closes: #812449)
+ * Fix CVE-2015-3935 (Closes: #787762)
+
+ -- Laurent Destailleur (eldy) Tue, 08 Sep
2015 15:22:52
Hi David.
I have sent to my mentor (Raphael Hertzog), a commit with the new upstream
6.2.12 updated, of TCPDF.
If you plan/want to move package maintenance into Debian PHP PEAR umbrella,
why not. What will be the benefit and impact ?
2016-02-23 4:33 GMT+01:00 David Prévot :
> Hi,
>
> On Sun, Fe
er discovered and fixed into 3.5.7
official project ?
2015-09-03 18:43 GMT+02:00 Adam D. Barratt :
> Control: tags -1 + moreinfo
>
> On 2015-09-03 15:44, Laurent Destailleur (eldy) wrote:
>
>> A security error CVE-2015-3935 was reported for Dolibarr ERP CRM
>> package. This
The package already depends on libjs-jquery, so the /javascript should not
be missing, because libjs-jquery should depend on it.
Don't you think the bug should be moved into libjs-jquery package ?
For the second point, I will replace the libjs-flot into libjs-jquery-flot
into a next patch.
2015-0
This is my point of view of what to do for this case:
My first choice was to not send any unblock request. Reason is that CVE need
privileged account to be exploited, so it is not a high risk, and I would
not like to bother anybody.
However, Moritz Muehlenhoff asked me to provide a fix. A fix was al
> The persons in "which module were activated" disagree. "module" should
> read "modules".
>
> By the way, please use a complete sentence to introduce the list
> ("Most common used modules are: ").
>
--
Eldy (Laurent Destailleur).
EM
h a fix soon.
- --
Eldy (Laurent Destailleur).
EMail: e...@destailleur.fr
Web: http://www.destailleur.fr
Dolibarr (Project leader): http://www.dolibarr.org
To make a donation for Dolibarr project via Paypal: cont...@destailleur.fr
AWStats (Author) : http://awstats.sourceforge.net
To make a donation
Package: wnpp
Severity: wishlist
Owner: Laurent Destailleur
* Package name: dolibarr
Version : 3.1.0
Upstream Author : Laurent Destailleur
* URL : http://www.dolibarr.org/
* License : GPL
Programming Lang: PHP
Description : ERP and CRM to manage
--
Laurent Destailleur.
---
EMail: [EMAIL PROTEC
absolutely required to execute javascript.
If I want to fix this "hole", I have to add the sanitizing command
$QueryString = CleanFromCSSA($QueryString); but this is already done in
6.5. So I don't know how to fix this (if there is a hole). I didn't find
anywhere a way to exploit