-roundcube (0.2~alpha-4) UNRELEASED; urgency=low
+roundcube (0.2~stable-1) unstable; urgency=low
+
+ * New upstream version. Closes: #503573, #504570.
+ + Add SQL update scripts for this new release and for
+ 0.2~alpha. Remove copy of SQL upgrade script from debian/rules.
+ + Remove patch for CVE-2008-5620 which is now fixed upstream.
+ + Remove patch correcting a vulnerability in html2text.php.
+ + Remove patch fixing login issue. This is fixed upstream.
+ + Remove patch setting the default backend to db instead of mdb2:
+ this is not possible any more. We depend on php-mdb2 now.
+ + Update patch to use packaged tinymce.
+ * Upload to unstable since Lenny is out.
+ * Apply fix for XSS issue (CVE-2009-0413). Closes: #514179.
+ * Remove hack to update a SQLite table for an upgrade from a quite old
+ version of roundcube.
+ * Fix pending l10n issues:
+ + Update English debconf template. Closes: #473794.
+ + Add Swedish translation thanks to Martin Bagge. Closes: #508752.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 15 Feb 2009 16:18:58 +0100
+
+roundcube (0.2~alpha-4) experimental; urgency=low
* Add missing ${misc:Depends} to make Lintian happy.
* Add description to each patch.
* Execute cron job only if the directory to clean exists.
* Reload web server configuration instead of restart, thanks to a patch
from Tiago Bortoletto Vaz. Closes: #508633.
+ * Fix a vulnerability in quota image generation. This fixes
+ CVE-2008-5620. Thanks to Nico Golde for reporting it. Closes: #509596.
* Add missing dependency on php5-gd, used for quota bar.
* For roundcube-pgsql, depends on postgresql-client only. This package
is provided by the currently supported real package.
- -- Vincent Bernat <bernat@debian.org> Wed, 24 Dec 2008 17:16:41 +0100
+ -- Vincent Bernat <bernat@debian.org> Thu, 25 Dec 2008 11:38:13 +0100
roundcube (0.2~alpha-3) experimental; urgency=high