Format: 1.8
Date: Sun, 11 Sep 2011 05:15:26 +0000
Source: dtc
Binary: dtc-common dtc-core dtc-cyrus dtc-postfix-courier dtc-stats-daemon dtc-toaster
Architecture: source all
Version: 0.29.18-1+lenny2
Distribution: lenny-security
Urgency: low
Maintainer: Thomas Goirand
Changed-By: Thomas Goirand
Description:
 dtc-common - web control panel for admin and accounting hosting services (comm
 dtc-core - web control panel for admin and accounting hosting services (fewe
 dtc-cyrus - web control panel for admin and accounting hosting services (cyru
 dtc-postfix-courier - web control panel for admin and accounting hosting services (more
 dtc-stats-daemon - dtc-xen VM statistics for the dtc web control panel
 dtc-toaster - web control panel for admin and accounting hosting services (meta
Closes: 637469 637477 637485 637487 637537 637584 637618 637629 637630 637632 637669
Changes:
 dtc (0.29.18-1+lenny2) lenny-security; urgency=low
 .
   * QA upload fixing:
     - Removed old iGlobalWall folder which included unwanted information.
     - Removed sourceless OSX mod_log_sql.so files (Closes: #637469).
     - Fixes lists shell injection issue (Closes: #637477).
     - Sets unix rights to non-world readable for the apache2.conf file,
       since it contains SQL access password (Closes: #637485).
     - Now htmlspecialchars() the output of DNS & MX, preventing a possible
       HTML injection issue (Closes: #637584).
     - Fixes "package installer includes php files in untrusted directories"
       if some package install packages are installed
       (Closes: #637629, #637630).
     - Adds htmlspecialchars() in the ticket display.
     - Fixes sudo access to chrootuid is giving access to root using the new
       dtc-chroot-wrapper (Closes: #637618).
     - Not using htpasswd -b to create .htpasswd files (Closes: #637537).
     - Checks $_SERVER["addrlink"] input correctly, since it could lead to
       very bad SQL insertion (Closes: #637487).
     - Fixes an SQL injection in package installer (Closes: #637632).
     - Fixes an SQL injection in the draw_user_admin.php (Closes: #637669).