Add fixes for CVE-2008-1614

[manu/suphp.git] / debian / changelog

diff --git a/debian/changelog b/debian/changelog
index 443247f..c6265db 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,28 @@
+suphp (0.6.2-2+etch0) stable-security; urgency=high
+
+  * The following security issue is addressed with this update:
+    - CVE-2008-1614: allows local users to gain privileges via a race
+    condition in symlinks handling
+
+ -- Emmanuel Lacour <elacour@home-dn.net>  Fri, 11 Apr 2008 11:31:28 +0200
+
+suphp (0.6.2-2) unstable; urgency=low
+
+  * remove apache 1.x package (closes: #429079)
+  * debian/rules, debian/compat, debian/control: lintian cleanup
+  * debian/conf/suphp.conf, debian/patches/01_debian.dpatch: replaced
+    AddHandler by AddType and x-httpd-php by application/x-httpd-php to get
+    the same behavior as mod php with filenames extensions (closes: #416424)
+
+ -- Emmanuel Lacour <elacour@home-dn.net>  Sun, 14 Oct 2007 19:42:30 +0200
+
+suphp (0.6.2-1) unstable; urgency=low
+
+  * New uptream release (closes: #405059)
+    (no sources changes from previous snapshot)
+
+ -- Emmanuel Lacour <elacour@home-dn.net>  Tue,  9 Jan 2007 18:29:26 +0100
+
 suphp (0.6.1.20061108-1) unstable; urgency=low
 
   * New upstream snapshot (closes: #395929)