2007
horde3 (3.1.3-4) unstable; urgency=high
* Correction for arbitrary file deletion vulnerability,
closes: #415116. Thanks to Paul TBBle Hampson <Paul.Hampson@Pobox.com>
for providing the patch.
-- Ola Lundqvist <opal@debian.org> Sat, 24 Mar 2007 21:19:05 +0100
horde3 (3.1.3-3) unstable; urgency=low
* Recommend php-db (closes: #400277)
-- Lionel Elie Mamane <lmamane@debian.org> Sat, 27 Jan 2007 19:38:21 +0100
2006
horde3 (3.1.3-2) unstable; urgency=low
* Changed the default cookie path from /horde to horde3, closes:
#391493. Thanks for Gregory Colpart <reg@evolix.fr> for committing
this change and to Lorenzo Bettini <bettini@dsi.unifi.it> for
suggesting it.
-- Ola Lundqvist <opal@debian.org> Mon, 9 Oct 2006 14:00:35 +0200
horde3 (3.1.3-1) unstable; urgency=low
* New upstream version, closes: #383416. This is a bugfix release to correct CVE-2006-4256. * Now suggests gettext, closes: #385457.
-- Ola Lundqvist <opal@debian.org> Sun, 3 Sep 2006 12:34:06 +0200
horde3 (3.1.2-1) unstable; urgency=medium
* New upstream release.
One of the following is true:
- This release fixes security problems CVE-2006-3549 and CVE-2006-3548
- These security problems were already fixed in the past in the Debian
branch.
- These security problems were already partially fixed in the past in
the Debian version and this release mops up the rest.
In all cases, closes: #378281
* Tweak README.Debian and example config a bit (closes: #373235)
* Make the PHP tempdir configurable instead of hardcoded in the weekly
cleanup script (closes: #376526)
* Put the CREDITS file where the online help viewer expects it
(closes: #357377)
* Bump up Standards-Version
-- Lionel Elie Mamane <lmamane@debian.org> Sun, 16 Jul 2006 13:12:10 +0200
horde3 (3.1.1-4) UNRELEASED; urgency=low
* Put debhelper in Build-Depends, not B-D-Indep.
-- Lionel Elie Mamane <lmamane@debian.org> Fri, 16 Jun 2006 11:49:45 +0200
horde3 (3.1.1-3) unstable; urgency=high
* The SuSE maintainer found several XSS isses in Horde. See
CVE-2006-2195 for more information. Thanks to Moritz Muehlenhoff
<jmm@inutil.org> for providing the patch.
-- Ola Lundqvist <opal@debian.org> Wed, 14 Jun 2006 09:36:43 +0200
horde3 (3.1.1-2) unstable; urgency=low
* Correcting the dependencies for php5. * Jose Carlos Medeiros no longer maintainer of this package.
-- Ola Lundqvist <opal@debian.org> Sat, 6 May 2006 21:01:48 +0200
horde3 (3.1.1-1) unstable; urgency=high
[ Lionel Elie Mamane <lmamane@debian.org> ] * New upstream version - Close remote arbitrary command execution hole (closes: #360023) CVE-2006-1491 * Really exclude {arch} directory from being installed in binary package.
-- Lionel Elie Mamane <lmamane@debian.org> Thu, 6 Apr 2006 19:14:56 +0200
horde3 (3.1-2) UNRELEASED; urgency=low
[ Lionel Elie Mamane <lmamane@debian.org> ] * Conflict with versions of turba2 we break compatibility with. (closes: #360231)
-- Lionel Elie Mamane <lmamane@debian.org> Fri, 31 Mar 2006 23:08:02 +0200
horde3 (3.1-1) unstable; urgency=low
[ Lionel Elie Mamane <lmamane@debian.org> ] * Tweak the "Admin interface disabled because insecure" message. [ Ola Lundqvist <opal@debian.org> ] * Updated to upstream version 3.1, closes: #356186, #356526. With correction for CVE-2006-1260 file disclosure vulnerability. Closes: #358812. This version correct CVE-2005-4190 as well, closes: #354512. * Modified dependencies in order to support php5 and to support recent installations of php4, closes: #353612, #359700, #359208.
-- Ola Lundqvist <opal@debian.org> Tue, 28 Mar 2006 20:58:38 +0200
horde3 (3.0.9-3) unstable; urgency=low
* Move to team maintainership.
* Make sure that {arch} is not a part of installed dir.
-- Ola Lundqvist <opal@debian.org> Sun, 12 Mar 2006 21:40:35 +0100
2005
horde3 (3.0.9-2) unstable; urgency=high
* Correct fix for weatherdotcom.
-- Ola Lundqvist <opal@debian.org> Fri, 16 Dec 2005 20:50:01 +0100
horde3 (3.0.9-1) unstable; urgency=high
* New upstream release that correct a cross site scripting vulnerability
as described in CVE-2005-4190, closes: #342942.
* Documented that horde is incompatible with php4 session.auto_start option
in the README.Debian file, closes: #341695.
* Added php-mail to recommends list, closes: #339135.
* Applied a patch to make weatherdotcom work, closes: #342161.
Thanks to Giuseppe Iuculano <giuseppe@iuculano.it>.
* Documented how to add alias to apache config, closes: #306605.
* Changed the initial config message slightly, closes: #341358.
-- Ola Lundqvist <opal@debian.org> Fri, 16 Dec 2005 17:51:15 +0100
horde3 (3.0.7-1) unstable; urgency=high
* New upstream release.
This version fix cross site scripting vulnerabilities (CVE-2005-3759),
closes: #340323.
-- Ola Lundqvist <opal@debian.org> Tue, 22 Nov 2005 22:45:59 +0100
horde3 (3.0.6-1) unstable; urgency=low
* New upstream release.
* Added phpapi-20041030 to the supported api versions (to support php5),
closes: #333155.
* Fixed so files in etc are rewritten the same was as files in usr/share,
closes: #319780.
* Updated to standards version 3.6.2.
* Corrected to new FSF address.
-- Ola Lundqvist <opal@debian.org> Sat, 5 Nov 2005 16:11:03 +0100
horde3 (3.0.5-4) unstable; urgency=low
* Minor fix for README.Debian file. * Added suggests of php4-mhash, closes: #335913. * Corrected dependency on php4, closes: #329940. * Corrected problem with ispell and Brazilian Language, closes: #328155. Thanks to Jose Carlos Medeiros <jcnascimento@gmail.com> for the fix.
-- Ola Lundqvist <opal@debian.org> Sat, 5 Nov 2005 12:40:43 +0100
horde3 (3.0.5-3) unstable; urgency=high
* Improved description on why horde3 is disabled by default.
-- Ola Lundqvist <opal@debian.org> Sun, 9 Oct 2005 12:54:43 +0200
horde3 (3.0.5-2) unstable; urgency=high
* Configuration disabled by default, closes: #332290, #332289. * Removed some crap from the README.Debian file, closes: #332276.
-- Ola Lundqvist <opal@debian.org> Sat, 8 Oct 2005 21:10:48 +0200
horde3 (3.0.5-1) unstable; urgency=low
* New upstream release,
closes: #325146, #315571, #325727, #321490, #309729, #304186.
* Added gollem to suggest list, closes: #325492.
* Added webcpp, chora2, xlhtml, ppthtml, wv, source-highlight, enscript
and rpm to suggest list, closes: #309657, #326066.
* Patched config/mime_drivers.php.dist so that no /usr/local is used
for programs that exist in Debian archive, closes: #309661.
-- Ola Lundqvist <opal@debian.org> Fri, 9 Sep 2005 22:53:15 +0200
horde3 (3.0.4-4) unstable; urgency=low
* Added conflict on horde so removing horde do not cause configuration
removal in horde3, closes: #307623.
-- Ola Lundqvist <opal@debian.org> Wed, 4 May 2005 23:08:08 +0200
horde3 (3.0.4-3) unstable; urgency=medium
* Removed post* and pre* files becuase they contain nothing that
should remain.
* Fixed dependency problem, closes: #294026.
* Added a note about configuration to README.Debian, closes: #304086.
-- Ola Lundqvist <opal@debian.org> Sun, 17 Apr 2005 14:27:31 +0200
horde3 (3.0.4-2) unstable; urgency=low
* Fixed permission problem on log file. * Updated copyright file. It actually use LGPL and not GPL. * Removed unnecessary config dir in /etc/horde/horde3.
-- Ola Lundqvist <opal@debian.org> Sun, 10 Apr 2005 19:51:55 +0200
horde3 (3.0.4-1) unstable; urgency=low
* New upstream release.
-- Ola Lundqvist <opal@debian.org> Mon, 4 Apr 2005 08:11:18 +0200
horde3 (3.0.3-1) unstable; urgency=low
* New upstream release.
Jose Carlos Medeiros <jose@psabs.com.br> have helped a lot with
this version.
-- Ola Lundqvist <opal@debian.org> Thu, 17 Feb 2005 15:41:33 -0200
horde3 (3.0.2-1) unstable; urgency=low
* New upstream release. * Cooperated with Roberto Sanchez <roberto@familiasanchez.net> in order to complete this version.
-- Ola Lundqvist <opal@debian.org> Fri, 7 Jan 2005 13:41:54 +0100
horde3 (3.0.1-1) unstable; urgency=low
* New upstream release.
-- Ola Lundqvist <opal@debian.org> Thu, 6 Jan 2005 16:35:23 +0100
horde3 (3.0-1) unstable; urgency=low
* Initial Release.
-- Ola Lundqvist <opal@debian.org> Sat, 1 Jan 2005 14:51:04 +0100