libkohana2-php (2.3.4-2+deb7u1build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 06 Feb 2018 09:26:52 -0500

libkohana2-php (2.3.4-2+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2016-10510: Cross-site scripting (XSS) vulnerability in the
    Security component of Kohana allows remote attackers to inject arbitrary
    web script or HTML by bypassing the strip_image_tags protection mechanism
    in system/classes/Kohana/Security.php. This issue was resolved by
    permanently removing the strip_image_tags function. Users are advised to
    sanitize user input by using external libraries.
    See also https://github.com/kohana/kohana/issues/107

 -- Markus Koschany <apo@debian.org>  Sun, 14 Jan 2018 17:12:42 +0100

libkohana2-php (2.3.4-2) unstable; urgency=low

  * debian/patches:
    - Added 02-php5.4.diff -- use ob_end_flush() in favor of ob_end_clean() if
      the buffer contains any data to make sure the rendered page is actually
      displayed (PHP 5.4 handles end_clean() a bit different than previous
      versions); thanks to Bernhard Schmidt for reporting this and Jörg Linge
      and 'Federico' for tracking down to problem (Closes: #665197).
  * debian/rules:
    - Provide recommended targets build-arch and build-indep.
  * debian/control:
    - Updated standards-version to 3.9.3 -- no changes.

 -- Sebastian Harl <tokkee@debian.org>  Fri, 29 Jun 2012 21:45:04 +0200

libkohana2-php (2.3.4-1) unstable; urgency=low

  [ Sven Velt ]
  * Initial release (Closes: #611240).
    - Strip out DejaVu-Font and depend on ttf-dejavu-core.
  * libkohana2-php.lintian-overrides: Overwrite warning about embedded
    Markdown.php -- Kohana2 ships a modified version of that library.

  [ Sebastian Harl ]
  * debian/patches:
    - Added 01-font-path.diff -- let 'fontpath' point to the DejaVu fonts in
      '/usr/share/fonts'.
  * Symlink and depend on libjs-jquery rather than shipping a private copy.
  * Build two binary packages: libkohana2-php and libkohana2-modules-php.
  * debian/rules:
    - Repack the upstream .zip archive in 'get-orig-source' using uscan.
    - Ship all 'config' directories in /etc and create appropriate symlinks in
      the 'system' and 'modules' directories.
    - Do not ship a local copy of DejaVuSerif.ttf in the binary packages.
  * debian/watch: mangle upstream version to prefix "b" and "rc" with a tilde.

 -- Sebastian Harl <tokkee@debian.org>  Wed, 02 Feb 2011 14:40:13 +0100
