-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 17 Mar 2003 20:12:07 +0100
Source: bonsai
Binary: bonsai
Architecture: source sparc
Version: 1.3+cvs20020224-1woody1
Distribution: stable-security
Urgency: high
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Rémi Perrot <rperrot@debian.org>
Description: 
 bonsai     - The famous Mozilla CVS query tool by web interface
Changes: 
 bonsai (1.3+cvs20020224-1woody1) stable-security; urgency=high
 .
   * Fix security bug that allow remote execution of command as www-data user
     (see #142317 upstream bug).
   * Fix security bug that cause absolute path disclosure (see #187230 upstream
     bug).
   * Fix security bug that makes Bonsai vulnerable to cross-site scripting
     attacks (see #146244 and #163573 upstream bug).
   * Access to parameters page isn't any more allowed without password (see
     #45579 upstream bug)
Files: 
 55a326a22076c5eb4ae06b9f45040ca0 675 web extra bonsai_1.3+cvs20020224-1woody1.dsc
 5dea945aa87188e1dda4f9e5a285808c 150238 web extra bonsai_1.3+cvs20020224.orig.tar.gz
 d168b5366401692756ad7d6260ca2f74 53566 web extra bonsai_1.3+cvs20020224-1woody1.diff.gz
 1d81d6c62382a6f78b7c3a11ea668ae1 158044 web extra bonsai_1.3+cvs20020224-1woody1_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+ds49W5ql+IAeqTIRAo0VAJ9MenXifU8yd8jfvGpe4ozq0tqZegCfU3A0
pZk8OF/7EC5MD5l7cOtmsj8=
=vh/5
-----END PGP SIGNATURE-----