2008
serendipity (1.0.4-1+etch1) stable-security; urgency=high
* Upload to stable-security for security issues. * Fix CVE-2008-????: XSS in published trackbacks. * Fix CVE-2008-0124: XSS in user realnames. * Fix CVE-2007-6205: XSS in remoterss plugin.
-- Thijs Kinkhorst <thijs@debian.org> Mon, 24 Mar 2008 16:47:25 +0100
2006
serendipity (1.0.4-1) unstable; urgency=medium
* New upstream bugfix release.
- Addresses security problem in unsupported configuration, however,
uploading with medium priority to protect even those with unwise
settings (CVE-2006-6242, closes: 401614).
* In default apache.conf, DirectoryMatch should be Directory.
-- Thijs Kinkhorst <thijs@debian.org> Tue, 28 Nov 2006 13:45:42 +0100
serendipity (1.0.3-4) unstable; urgency=low
* Add note to README.Debian about register_globals and it needing
to be off.
* Enclose php_flag statements in apache.conf in <IfModule>s.
* Correct serendipity_config_local.php for PostgreSQL when setting
a port number. Document that Serendipity does not currently support
running with a PostgreSQL on a non-default port number.
-- Thijs Kinkhorst <thijs@debian.org> Wed, 22 Nov 2006 21:20:28 +0100
serendipity (1.0.3-3) unstable; urgency=medium
* Properly support a remote database with dbconfig-common,
thanks Ingo Jürgensmann (Closes: 397884).
-- Thijs Kinkhorst <thijs@debian.org> Fri, 10 Nov 2006 15:23:52 +0100
serendipity (1.0.3-2) unstable; urgency=low
* Got permission from upstream to free the "36 days ago" and "Chumbly"
fonts; reincluding them in the package.
-- Thijs Kinkhorst <thijs@debian.org> Tue, 7 Nov 2006 17:17:12 +0100
serendipity (1.0.3-1) unstable; urgency=low
* New upstream bugfix release. * Replace bundled CheckIP.php with link to Debian packaged one.
-- Thijs Kinkhorst <thijs@debian.org> Tue, 7 Nov 2006 13:50:13 +0100
serendipity (1.0.2-1) unstable; urgency=medium
* Medium urgency upload for low-risk security issue.
* New upstream bugfix release.
- Fix a security issue with XSS on the admin backend for registered
authors.
-- Thijs Kinkhorst <thijs@debian.org> Wed, 18 Oct 2006 15:59:29 +0200
serendipity (1.0.1-5) unstable; urgency=low
* Change default SQL data to have the Serendipity location match the
location as specified in apache.conf.
-- Thijs Kinkhorst <thijs@debian.org> Wed, 27 Sep 2006 13:35:26 +0200
serendipity (1.0.1-4) unstable; urgency=high
* Also fix config script to be able to run when dbconfig-common is not
present anymore (Closes: #388234).
-- Thijs Kinkhorst <thijs@debian.org> Tue, 19 Sep 2006 12:42:48 +0200
serendipity (1.0.1-3) unstable; urgency=low
* Support sqlite as database type; add dependency on dbconfig-common >=
1.8.20 to that effect, include a schema and update the scripts.
* Fix postrm script to be able to purge when dbconfig-common is not
present anymore.
-- Thijs Kinkhorst <thijs@debian.org> Sat, 19 Aug 2006 19:05:47 +0200
serendipity (1.0.1-2) unstable; urgency=low
* Add README.Debian with a 'getting started' section (Closes: #383538). * Change apache.conf default alias from /s9y to /serendipity as per Debian webapps policy. * Change php_value to php_flag in example apache.conf.
-- Thijs Kinkhorst <thijs@debian.org> Fri, 18 Aug 2006 17:51:05 +0200
serendipity (1.0.1-1) unstable; urgency=low
* New upstream release. * Depends on pqsql-client should be postgresql-client.
-- Thijs Kinkhorst <thijs@debian.org> Mon, 14 Aug 2006 20:31:23 +0200
serendipity (1.0-2) unstable; urgency=low
* Fix templates to not include the comment count in the RSS, this causes
duplicates on aggregators like Planet. Via John Goerzen's blog.
* Add fix for RFC2616 compliance (from Serendipity 1.1), since Planet
requires this. It will be configurable in the next upstream release.
* Replace Net/Socket.php and Net/URL.php with their packaged variants.
* Some minor packaging cleanups.
-- Thijs Kinkhorst <thijs@debian.org> Mon, 7 Aug 2006 15:28:01 +0200
serendipity (1.0-1) unstable; urgency=low
* Initial release (Closes: #312413). * Repackaged upstream tarball to remove two non-free fonts.
-- Thijs Kinkhorst <thijs@debian.org> Sun, 6 Aug 2006 22:05:54 +0200