Overview

Request 135624 accepted

- added 3-0-strip_tags.patch: (bnc#775649)
Do not mark strip_tags result as html_safe CVE-2012-3465

- added 2 patches to fix security issues:
2-3-null_param.patch (CVE-2012-2660) (bnc#765097)
2-3-null_array_param.patch (CVE-2012-2694) (bnc#766791)
- track series file from quilt for easier handling

- update to version 2.3.14
- fixing strip tags vulnerability (bnc#712057)
- fixing response splitting problem (bnc#712058)

- update to version 2.3.12
- don't call destroy on a session if it doesn't respond to destroy
- fix session timeout handling

- update to version 2.3.11: (bnc#668817)
- XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
- CSRF Bypass Risk CVE-2011-0447
- Filter Problems on Case Insensitive Filesystems CVE-2011-0449
- Potential SQL Injection with limit() CVE-2011-0448

- Split off doc and testsuite subpackages.

- update to version 2.3.10
* Version bump.

- update to version 2.3.9
* Version bump.

Request History
lijews created request


lijews accepted request
