horde3 (3.1.7-1) unstable; urgency=high * New upstream release. * This new version has security fix: fix arbitrary file inclusion through abuse of the theme preference (see CVE-2008-1284 for more informations). (Closes: #470640) * Fix typo in debian/rules comments. * Add php-net-imap package in "Suggests" field. (Closes: #470283) * Add libgeoip1 package in "Suggests" field. (Closes: #376935) -- Gregory Colpart (evolix) Sat, 15 Mar 2008 14:00:34 +0100 horde3 (3.1.6-1) unstable; urgency=high * New upstream release. * This new version has security fixes : privilege escalation in the Horde API and XSS vulnerabilities (see CVE-2007-6018 for more informations). (Closes: #461131) * This new version fixes also translation error in it_IT locale (Closes: #459555) * Import fix from Horde CVS to correct invalid entities in es_ES translantion (thanks to Adrian Santos Marrero ) (Closes: #461400) * Update to standards version 3.7.3, no further required changes. * Use now Vcs-* fields in debian/control. * Remove empty directories which causes lintian warnings. * Bump debhelper compat level to 5. * Add Homepage field. -- Gregory Colpart (evolix) Sun, 20 Jan 2008 20:52:59 +0100 horde3 (3.1.4-2) unstable; urgency=low [ Gregory Colpart (evolix) ] * Added XS-VCS-* fields in debian/control. * Typo in previous changelog. [ Ola Lundqvist ] * Correction of log file problem in configuration file, closes: #452351. * Document that the echo line need to be removed as well, closes: #456908. -- Ola Lundqvist Sat, 22 Dec 2007 11:21:40 +0100 horde3 (3.1.4-1) unstable; urgency=high * New upstream release. * Transition to PHP5 for Recommends and Suggests fields. (Closes: #432237) * Remove old phpapi-* from Depends: (Closes: #420644) * Clean Depends, Recommends and Suggests fields. * Remove exec right for XML files in debian/rules. * Add locales in Recommends. * Disable upstream _detect_webroot() function (unusable in Debian). * Fix XSS vulnerability. See CVE-2007-1473 for more information. (Closes: #434045) -- Gregory Colpart (evolix) Tue, 24 Jul 2007 18:48:35 -0400 horde3 (3.1.3-5) unstable; urgency=low * Changed webroot from /horde to /horde3, especially regarding cookie handling, closes: #391493. -- Ola Lundqvist Mon, 21 May 2007 07:03:41 +0200 horde3 (3.1.3-4) unstable; urgency=high * Correction for arbitrary file deletion vulnerability, closes: #415116. Thanks to Paul TBBle Hampson for providing the patch. -- Ola Lundqvist Sat, 24 Mar 2007 21:19:05 +0100 horde3 (3.1.3-3) unstable; urgency=low * Recommend php-db (closes: #400277) -- Lionel Elie Mamane Sat, 27 Jan 2007 19:38:21 +0100 horde3 (3.1.3-2) unstable; urgency=low * Changed the default cookie path from /horde to horde3, closes: #391493. Thanks for Gregory Colpart for committing this change and to Lorenzo Bettini for suggesting it. -- Ola Lundqvist Mon, 9 Oct 2006 14:00:35 +0200 horde3 (3.1.3-1) unstable; urgency=low * New upstream version, closes: #383416. This is a bugfix release to correct CVE-2006-4256. * Now suggests gettext, closes: #385457. -- Ola Lundqvist Sun, 3 Sep 2006 12:34:06 +0200 horde3 (3.1.2-1) unstable; urgency=medium * New upstream release. One of the following is true: - This release fixes security problems CVE-2006-3549 and CVE-2006-3548 - These security problems were already fixed in the past in the Debian branch. - These security problems were already partially fixed in the past in the Debian version and this release mops up the rest. In all cases, closes: #378281 * Tweak README.Debian and example config a bit (closes: #373235) * Make the PHP tempdir configurable instead of hardcoded in the weekly cleanup script (closes: #376526) * Put the CREDITS file where the online help viewer expects it (closes: #357377) * Bump up Standards-Version -- Lionel Elie Mamane Sun, 16 Jul 2006 13:12:10 +0200 horde3 (3.1.1-4) UNRELEASED; urgency=low * Put debhelper in Build-Depends, not B-D-Indep. -- Lionel Elie Mamane Fri, 16 Jun 2006 11:49:45 +0200 horde3 (3.1.1-3) unstable; urgency=high * The SuSE maintainer found several XSS isses in Horde. See CVE-2006-2195 for more information. Thanks to Moritz Muehlenhoff for providing the patch. -- Ola Lundqvist Wed, 14 Jun 2006 09:36:43 +0200 horde3 (3.1.1-2) unstable; urgency=low * Correcting the dependencies for php5. * Jose Carlos Medeiros no longer maintainer of this package. -- Ola Lundqvist Sat, 6 May 2006 21:01:48 +0200 horde3 (3.1.1-1) unstable; urgency=high [ Lionel Elie Mamane ] * New upstream version - Close remote arbitrary command execution hole (closes: #360023) CVE-2006-1491 * Really exclude {arch} directory from being installed in binary package. -- Lionel Elie Mamane Thu, 6 Apr 2006 19:14:56 +0200 horde3 (3.1-2) UNRELEASED; urgency=low [ Lionel Elie Mamane ] * Conflict with versions of turba2 we break compatibility with. (closes: #360231) -- Lionel Elie Mamane Fri, 31 Mar 2006 23:08:02 +0200 horde3 (3.1-1) unstable; urgency=low [ Lionel Elie Mamane ] * Tweak the "Admin interface disabled because insecure" message. [ Ola Lundqvist ] * Updated to upstream version 3.1, closes: #356186, #356526. With correction for CVE-2006-1260 file disclosure vulnerability. Closes: #358812. This version correct CVE-2005-4190 as well, closes: #354512. * Modified dependencies in order to support php5 and to support recent installations of php4, closes: #353612, #359700, #359208. -- Ola Lundqvist Tue, 28 Mar 2006 20:58:38 +0200 horde3 (3.0.9-3) unstable; urgency=low * Move to team maintainership. * Make sure that {arch} is not a part of installed dir. -- Ola Lundqvist Sun, 12 Mar 2006 21:40:35 +0100 horde3 (3.0.9-2) unstable; urgency=high * Correct fix for weatherdotcom. -- Ola Lundqvist Fri, 16 Dec 2005 20:50:01 +0100 horde3 (3.0.9-1) unstable; urgency=high * New upstream release that correct a cross site scripting vulnerability as described in CVE-2005-4190, closes: #342942. * Documented that horde is incompatible with php4 session.auto_start option in the README.Debian file, closes: #341695. * Added php-mail to recommends list, closes: #339135. * Applied a patch to make weatherdotcom work, closes: #342161. Thanks to Giuseppe Iuculano . * Documented how to add alias to apache config, closes: #306605. * Changed the initial config message slightly, closes: #341358. -- Ola Lundqvist Fri, 16 Dec 2005 17:51:15 +0100 horde3 (3.0.7-1) unstable; urgency=high * New upstream release. This version fix cross site scripting vulnerabilities (CVE-2005-3759), closes: #340323. -- Ola Lundqvist Tue, 22 Nov 2005 22:45:59 +0100 horde3 (3.0.6-1) unstable; urgency=low * New upstream release. * Added phpapi-20041030 to the supported api versions (to support php5), closes: #333155. * Fixed so files in etc are rewritten the same was as files in usr/share, closes: #319780. * Updated to standards version 3.6.2. * Corrected to new FSF address. -- Ola Lundqvist Sat, 5 Nov 2005 16:11:03 +0100 horde3 (3.0.5-4) unstable; urgency=low * Minor fix for README.Debian file. * Added suggests of php4-mhash, closes: #335913. * Corrected dependency on php4, closes: #329940. * Corrected problem with ispell and Brazilian Language, closes: #328155. Thanks to Jose Carlos Medeiros for the fix. -- Ola Lundqvist Sat, 5 Nov 2005 12:40:43 +0100 horde3 (3.0.5-3) unstable; urgency=high * Improved description on why horde3 is disabled by default. -- Ola Lundqvist Sun, 9 Oct 2005 12:54:43 +0200 horde3 (3.0.5-2) unstable; urgency=high * Configuration disabled by default, closes: #332290, #332289. * Removed some crap from the README.Debian file, closes: #332276. -- Ola Lundqvist Sat, 8 Oct 2005 21:10:48 +0200 horde3 (3.0.5-1) unstable; urgency=low * New upstream release, closes: #325146, #315571, #325727, #321490, #309729, #304186. * Added gollem to suggest list, closes: #325492. * Added webcpp, chora2, xlhtml, ppthtml, wv, source-highlight, enscript and rpm to suggest list, closes: #309657, #326066. * Patched config/mime_drivers.php.dist so that no /usr/local is used for programs that exist in Debian archive, closes: #309661. -- Ola Lundqvist Fri, 9 Sep 2005 22:53:15 +0200 horde3 (3.0.4-4) unstable; urgency=low * Added conflict on horde so removing horde do not cause configuration removal in horde3, closes: #307623. -- Ola Lundqvist Wed, 4 May 2005 23:08:08 +0200 horde3 (3.0.4-3) unstable; urgency=medium * Removed post* and pre* files becuase they contain nothing that should remain. * Fixed dependency problem, closes: #294026. * Added a note about configuration to README.Debian, closes: #304086. -- Ola Lundqvist Sun, 17 Apr 2005 14:27:31 +0200 horde3 (3.0.4-2) unstable; urgency=low * Fixed permission problem on log file. * Updated copyright file. It actually use LGPL and not GPL. * Removed unnecessary config dir in /etc/horde/horde3. -- Ola Lundqvist Sun, 10 Apr 2005 19:51:55 +0200 horde3 (3.0.4-1) unstable; urgency=low * New upstream release. -- Ola Lundqvist Mon, 4 Apr 2005 08:11:18 +0200 horde3 (3.0.3-1) unstable; urgency=low * New upstream release. Jose Carlos Medeiros have helped a lot with this version. -- Ola Lundqvist Thu, 17 Feb 2005 15:41:33 -0200 horde3 (3.0.2-1) unstable; urgency=low * New upstream release. * Cooperated with Roberto Sanchez in order to complete this version. -- Ola Lundqvist Fri, 7 Jan 2005 13:41:54 +0100 horde3 (3.0.1-1) unstable; urgency=low * New upstream release. -- Ola Lundqvist Thu, 6 Jan 2005 16:35:23 +0100 horde3 (3.0-1) unstable; urgency=low * Initial Release. -- Ola Lundqvist Sat, 1 Jan 2005 14:51:04 +0100