libapache-mod-security (2.5.12-1+squeeze2) stable-security; urgency=high

  * CVE-2013-1915: Fix for XXE attacks.
    Applied backported patch from 2.7.3. (Closes: #704625)
    Adds new SecXmlExternalEntity option which by default (Off) disables
    the external entity load task executed by libxml2.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 02 Jul 2012 14:47:33 +0000

libapache-mod-security (2.5.12-1+squeeze1) stable-security; urgency=high

  * CVE-2012-2751: Fix multi-part bypass due to wrong quoting.
    Applied backported patch from 2.6.6. (Closes: #678529)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 02 Jul 2012 14:47:33 +0000

libapache-mod-security (2.5.12-1) unstable; urgency=low

  * New upstream release. Fixes several security issues.
    (Closes: #569658)
  * Moved to dpkg-source 3.0 (quilt).
  * Bumped Standards-Version to 3.8.4.0

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 11 Mar 2010 13:36:25 +0100

libapache-mod-security (2.5.11-1) unstable; urgency=low

  * New upstream release
  * Changed section to httpd (from web)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 12 Nov 2009 11:50:33 +0100

libapache-mod-security (2.5.10-1) unstable; urgency=low

  * New upstream version.
  * debian/control: remove mod-security-common dependency on
    libapache-mod-security. (Closes: #529064)
  * liblua correctly detected on build now. (Closes: #524913)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 01 Oct 2009 12:57:44 +0200

libapache-mod-security (2.5.9-1) unstable; urgency=high

  * New upstream release. (Closes: #512472)
    Urgency high due to it fixing multiple remote DoS.
    Bugtraq ID: 34096
  * Moved to debhelper compatibility level 7:
    - echo 7 > debian/compat
    - Added ${misc:Depends} to debian/control
    - Bumped debhelper version dependency in debian/control
  * Fixed long description formatting. (Closes: #516540)
  * Prepared build of mlogc, not releasing this time due to
    urgency of release and missing man page.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 23 Mar 2009 09:56:42 +0100

libapache-mod-security (2.5.6-1) unstable; urgency=low

  * The 'Back to the archive!' Release (Closes: #487431)
  * Drop '2' from package name, now libapache-mod-security
  * New upstream release
    - Includes a new licensing exception that allows binary 
      distribution with licenses not compatible with GPLv2,
      such as Apache's. See MODSECURITY_LICENSING_EXCEPTION
  * Removed debian/bug and debian/rules entry to install bug
    handling when out of the archive.
  * Bumped Standards-Version to 3.8.0.0

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri, 08 Aug 2008 13:31:56 +0200

libapache-mod-security2 (2.5.5-1) unstable; urgency=low

  * New upstream release

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Tue, 10 Jun 2008 17:21:48 +0200

libapache-mod-security2 (2.5.0-1) unstable; urgency=low

  * New upstream release
  * Added liblua5.1-0-dev to Build-Depends
  * Added apache2-prefork-dev as Build-Depends alternative

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sun, 09 Mar 2008 19:41:47 +0100

libapache-mod-security2 (2.1.5-1) unstable; urgency=low

  * New upstream release

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 31 Jan 2008 16:27:29 +0100

libapache-mod-security2 (2.1.2-1) unstable; urgency=low

  * New upstream version

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 06 Aug 2007 21:55:28 +0200

libapache-mod-security2 (2.1.0-1) unstable; urgency=low

  * New upstream version
  * Added Core Rules to examples directory

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sun,  4 Mar 2007 15:17:08 +0100

libapache-mod-security2 (2.0.4-1) unstable; urgency=low

  * New upstream version

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sat, 18 Nov 2006 11:00:21 +0100

libapache-mod-security2 (2.0.3-1) unstable; urgency=low

  * Initial release (Only available for Apache 2.x)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 06 Nov 2006 17:55:54 +0100

libapache-mod-security (1.9.4-2) unstable; urgency=low

  * Moved to apache2.2-common
  * Fixed Depends between libapache2-mod-security, libapache-mod-security and
    mod-security-common, so they can be binNMUed
  * Bumped Standards-Version to 3.7.2.2

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 30 Oct 2006 16:52:16 +0100

libapache-mod-security (1.9.4-1) unstable; urgency=low

  * New upstream release.
  * Added bug control files to avoid spamming Debian's BTS.
    Thanks Daniel Baumann for the patch.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu,  1 Jun 2006 09:29:40 +0200

libapache-mod-security (1.9.2.0-1) unstable; urgency=low

  * New upstream release.
    Note: Added extra .0 to version number to ease upgrading from -rc3
    packages.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri, 27 Jan 2006 14:32:04 +0100

libapache-mod-security (1.9.2-rc3-1) unstable; urgency=low

  * New upstream release.
  * Moved away from Debian's archive due to license problems.
    (You may find updates @ http://inittab.org/debian)
  * Removed tests, as upstream did. Removed README.debian as it
    only mentioned tests.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sat, 14 Jan 2006 21:44:50 +0100

libapache-mod-security (1.8.7-1) unstable; urgency=medium

  * New upstream release. (Closes: #285365)
  * Fixes several security issues, thus the urgency.
  * Set proper permissions on test suite scripts (Closes: #304195)
  * Corrected minor typo in README.Debian (Closes: #304196)
  * debian/control: Reworded packages descriptions to be more useful.
    (Closes: #304445)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sun, 10 Apr 2005 12:28:03 +0200

libapache-mod-security (1.8.4-2) unstable; urgency=medium

  * New maintainer (Closes: #303613)
  * Thanks Adam Conrad for helping with the apache2
    LFS transition. (Closes: #267353)
  * Patched apache2/mod_security.c to include regex.h and build
    correctly. (Closes: #297983). Thanks Andreas Jochens.
    This was RC, thus the urgency.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri,  8 Apr 2005 08:48:11 +0200

libapache-mod-security (1.8.4-1.1) unstable; urgency=high

  * NMU: Back out the ill-fated apache2 LFS transition. (closes: #267353)
  * Bump the apache2-threaded-dev build-dep to (>= 2.0.50-10)

 -- Adam Conrad <adconrad@0c3.net>  Sun, 22 Aug 2004 22:49:06 -0700

libapache-mod-security (1.8.4-1) unstable; urgency=medium

  * Upload/fixes on maintainer's behalf (hence non-NMU version)
  * New upstream version (Closes: #256414)
  * Rebuilt with latest apache2-dev (Closes: #266187)
  * Change apache2-dev build-dep to apache2-threaded-dev, as the
    former is a virtual package, and can't have a versioned dep.

 -- Adam Conrad <adconrad@0c3.net>  Tue, 17 Aug 2004 05:42:20 -0600

libapache-mod-security (1.7.1-1) unstable; urgency=low

  * New upstream version
  * Fix example http.conf path references in README.Debian (Closes: #216464)
  * Fix upstream url in copyright file
  * Also install new util directory with snort2modsec scripts
  * Added doc-base support for pdf documentation
  * Updated to use modules-config for apache 1.x instead of deprecated apacheconfig
  * Added http.example from CVS as upstream forgot to update it in tarball and
    there was some failing new tests 

 -- Bruno Rodrigues <bruno.rodrigues@litux.org>  Wed, 22 Oct 2003 14:29:09 +0100

libapache-mod-security (1.6-1) unstable; urgency=low

  * New upstream version (1.5 and 1.5.1 missed due to old information in
    old site; new site at http://www.modsecurity.org)
  * Fix typo in description (Closes: #195860)
  * Bumped Standards-Version to 3.6.1
  * Since 1.5, mod_security supports apache 2.x, so there's a corresponding
    new libapache2-mod-security and a -common package

 -- Bruno Rodrigues <bruno.rodrigues@litux.org>  Mon, 29 Sep 2003 14:48:32 +0100

libapache-mod-security (1.4.2-1) unstable; urgency=low

  * New upstream version
  * New package (Closes: #178722)
  * Fixed a bug in postrm

 -- Bruno Rodrigues <bruno.rodrigues@litux.org>  Wed, 19 Mar 2003 02:51:55 +0000

libapache-mod-security (1.4-0) unstable; urgency=low

  * Initial release

 -- Bruno Rodrigues <bruno.rodrigues@litux.org>  Tue, 28 Jan 2003 04:22:39 +0000
