-gforge (4.7~rc2-svn6665-1) unstable; urgency=low
+gforge (4.7.1.99.1-1) experimental; urgency=low
- * SVN build
+ * New package: gforge-plugin-scmbzr (not complete yet!).
- -- Christian Bayle <bayle@debian.org> Mon, 06 Oct 2008 18:43:47 +0200
+ -- Roland Mas <lolando@debian.org> Thu, 05 Feb 2009 22:14:45 +0100
+
+gforge (4.7.1-2) experimental; urgency=low
+
+ * New upstream snapshot (SVN r7012 in the 4.7 branch).
+ * Fixed bashisms in /usr/lib/gforge/bin/setup, thanks to Gonéri Le
+ Bouder (Closes: #514768).
+ * Fixed permissions of /var/lib/gforge/download (needs to belong to
+ www-data).
+
+ -- Roland Mas <lolando@debian.org> Fri, 20 Feb 2009 14:19:05 +0100
+
+gforge (4.7.1-1) experimental; urgency=low
+
+ * New upstream release.
+
+ -- Roland Mas <lolando@debian.org> Thu, 05 Feb 2009 21:01:10 +0100
+
+gforge (4.7-1) experimental; urgency=low
+
+ [ Roland Mas ]
+ * New upstream release.
+ * Made PostgreSQL dependency stricter: some of the views only work with
+ versions >= 8.1 (closes: #498811).
+
+ [ Christian Bayle ]
+ * Enable apache2 mod rewrite
+
+ -- Roland Mas <lolando@debian.org> Sun, 01 Feb 2009 19:22:16 +0100
+
+gforge (4.7~rc2-7) unstable; urgency=high
+
+ * Fixed yet another SQL injection vulnerability due to insufficient
+ input sanitizing (CVE-2008-2381).
+
+ -- Roland Mas <lolando@debian.org> Wed, 17 Dec 2008 15:26:59 +0100
+
+gforge (4.7~rc2-6) unstable; urgency=high
+
+ * Removed gforge-plugins-extra binary package (closes: #504758). I
+ can't promise to do security support for it, and it's quite
+ susceptible to security holes since it ships local copies of PHP
+ libraries.
+
+ -- Roland Mas <lolando@debian.org> Sat, 15 Nov 2008 20:06:46 +0100
gforge (4.7~rc2-5) unstable; urgency=high
* Fix several SQL injection vulnerabilities due to insufficient input
- sanitizing.
+ sanitizing (CVE-2008-6187, CVE-2008-6188; CVE-2008-6189).
-- Roland Mas <lolando@debian.org> Mon, 06 Oct 2008 16:12:50 +0200