extplorer (2.1.0b6+dfsg.3-4+deb7u5) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * CVE-2017-12756
    Fix command inject in transfer from another server in extplorer 
    2.1.9 and prior allows attacker to inject command via the 
    userfile[0] parameter.

 -- Thorsten Alteholz <debian@alteholz.de>  Sun, 13 Aug 2017 16:03:02 +0200

extplorer (2.1.0b6+dfsg.3-4+deb7u4) wheezy-security; urgency=high

  * CVE-2016-4313: Fix archive traversal exploit in .zip extraction. The
    unzip/extract feature allowed for path traversal as decompressed files can
    be placed outside of the intended target directory if the archive content
    contained "../" characters.

 -- Chris Lamb <lamby@debian.org>  Mon, 15 Aug 2016 23:09:16 +0100

extplorer (2.1.0b6+dfsg.3-4+deb7u3) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * CVE-2015-5660
    Cross-site request forgery (CSRF) vulnerability allows remote 
    attackers to hijack the authentication of arbitrary users for 
    requests that execute PHP code.

 -- Thorsten Alteholz <debian@alteholz.de>  Thu, 12 May 2016 17:03:02 +0200

extplorer (2.1.0b6+dfsg.3-4+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 
    before 2.1.7 allow remote attackers to inject arbitrary web script 
    or HTML via unspecified vectors.
    CVE-2015-0896 (Closes: #783231)
 
 -- Thorsten Alteholz <debian@alteholz.de>  Tue, 08 Mar 2016 18:03:02 +0100

extplorer (2.1.0b6+dfsg.3-4+deb7u1) wheezy-security; urgency=low

  * Upstream fix for XSS, path traversal and auth vulnerabilities.

 -- Thomas Goirand <zigo@debian.org>  Wed, 09 Oct 2013 16:52:17 +0000

extplorer (2.1.0b6+dfsg.3-4) unstable; urgency=low

  * Sets the stick bit on /var/lib/extplorer/ftp_tmp (Closes: #683649).

 -- Thomas Goirand <zigo@debian.org>  Sat, 20 Oct 2012 15:51:50 +0000

extplorer (2.1.0b6+dfsg.3-3) unstable; urgency=high

  * Fixes an Cross Site Request forgery security problem if user is logged
  by applyting upstream patch (Closes: #678737).
  * Bumps to compat level 8 and debhelper 8.
  * Added build-arch and build-indep targets in debian/rules.
  * Standards-Version is now 3.9.3.
  * Now uses format 1.0 for debian/copyright.
  * Removed leading article in short desc.

 -- Thomas Goirand <zigo@debian.org>  Fri, 22 Jun 2012 13:48:15 +0000

extplorer (2.1.0b6+dfsg.3-2) unstable; urgency=low

  * Renamed the Makefile patch and added the .swf removal patch to it,
  which makes now extplorer build correctly (Closes: #643110).

 -- Thomas Goirand <zigo@debian.org>  Thu, 20 Oct 2011 13:16:45 +0000

extplorer (2.1.0b6+dfsg.3-1) unstable; urgency=low

  * Added upstream fix for *not* displaying the admin icone (Closes: #600929).

 -- Thomas Goirand <zigo@debian.org>  Sun, 20 Mar 2011 14:21:11 +0800

extplorer (2.1.0b6+dfsg.2-1) unstable; urgency=low

  * Modified the debian/copyright to include the swfupload copyright-holder.
    (Closes: #592359).
  * Seems the swf file wasn't properly removed (maybe because of a Git usage
    mistake), this time it's ok.

 -- Thomas Goirand <zigo@debian.org>  Tue, 31 Aug 2010 21:16:18 +0800

extplorer (2.1.0b6+dfsg.1-1) unstable; urgency=low

  * Removed upstream swf file that didn't build from source (Closes: #591968)
  * Now depends on libapache2-mod-php5 | php5-cgi (Closes: #591947)
  * Standards-Version is now 8.9.1.

 -- Thomas Goirand <zigo@debian.org>  Mon, 09 Aug 2010 13:52:53 +0800

extplorer (2.1.0b6+dfsg-2) unstable; urgency=low

  * Added some explanations on how to setup extplorer in the README.Debian.
  * Added /usr/share/doc/extplorer/example.dot.htusers.php
  * Added Vcs-Browser field.

 -- Thomas Goirand <zigo@debian.org>  Thu, 15 Jul 2010 04:27:12 +0800

extplorer (2.1.0b6+dfsg-1) unstable; urgency=low

  * Initial release. (Closes: #561872)

 -- Thomas Goirand <zigo@debian.org>  Mon, 05 Jul 2010 19:53:12 +0800
