serendipity (1.5.3-1) unstable; urgency=medium

  * New upstream release.
    + Unrestricted file upload vulnerability in s9y before 1.5
    (CVE-2009-4412, Closes: #562634)
    + Use debian libjs-yui instead of bundled lib.
    (CVE-2007-2385, Closes: #557746)
    + Addresses XSS problem. (CVE-2008-1385)
  * Fix postgres errors (Closes: #519713)
  * Linking to debian-packaged PEAR libraries. (Closes: #541740)
  * Making package more compatible for (manual) multisite behavior.
    (Closes: #579144)
  * Packaging: debhelper v7.
  * Switch to dpkg-source 3.0 (quilt) format.
  * Fonts already in Debian: now depending on ttf-dejavu-core and
    ttf-aenigma for spamblock fonts.

 -- Jean-Marc Roth <jmroth@iip.lu>  Mon, 10 May 2010 15:58:25 +0200

serendipity (1.4.1-1) unstable; urgency=low

  * New upstream release.
  * Checked for policy 3.8.0, add README.source, refer to central
    copy of Apache 2 licence.
  * Remove other permissions from dirs under /var, and make
    uploads dir group readable, so that upload subdirs can be
    managed. Thanks Ingo Jürgensmann (closes: #502954).
  * Add note on 'nobody@example.org' appearing in RSS feed
    (closes: #502243).
  * Override embedded-javascript-library warning, since what we
    include in the package is not duplicated code.
  * Remove PHP4-related dependencies.
  * Minor packaging cleanups.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 17 Feb 2009 00:40:23 +0100

serendipity (1.3.1-1) unstable; urgency=medium

  * New upstream release.
    + Addresses two less critical cross site scripting issues:
      CVE-2008-1385, CVE-2008-1386

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 23 Apr 2008 12:01:21 +0200

serendipity (1.3-1) unstable; urgency=high

  * New upstream release.
    + Addresses cross site scripting in published trackback.
      CVE-2008-1476

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 18 Mar 2008 20:18:42 +0100

serendipity (1.3~b1-1) unstable; urgency=medium

  * New upstream beta release.
  * Addresses cross site scripting between authenticated users on a multi-
    user blog (CVE-2008-0124, closes: #469667).
  * Default Apache AllowOverride setting to "All", to make URL rewriting
    without mod_rewrite work out of the box.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 10 Mar 2008 17:02:51 +0100

serendipity (1.2.1-2) unstable; urgency=low

  * Switch from ttf-bitstream to ttf-dejavu in spamblock plugin
    (Closes: #461290).
  * Make enabling of url rewriting work from within Serendipity's
    configuration interface (Closes: #448782).
  * Switch to debhelper version 6.

 -- Thijs Kinkhorst <thijs@debian.org>  Sat, 19 Jan 2008 19:38:52 +0100

serendipity (1.2.1-1) unstable; urgency=low

  * New upstream release.
    + Fixes CVE-2007-6205: XSS through OPML RSS feeds.
  * Packaging cleanups (remove cruft, checked for new policy, ...)

 -- Thijs Kinkhorst <thijs@debian.org>  Sun, 09 Dec 2007 10:26:09 +0100

serendipity (1.2-1) unstable; urgency=low

  * New upstream release.
  * Supports sqlite3, so enable that in dbconfig-common as well.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 27 Aug 2007 20:45:15 +0200

serendipity (1.1.4-1) unstable; urgency=high

  * New upstream release.
    Fixes security issue in Extended properties for entries plugin,
    relevant for users of that plugin only.
  * Add watch file.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 08 Aug 2007 13:32:15 +0200

serendipity (1.1.3-1) unstable; urgency=high

  * New upstream release.
  * Addresses an SQL injection through the commentMode variable.
    This only allowed disclosure of MD5 password hashes.
  * Drop some very long keys from the SQL files, since these cause
    "too long key" problems with recent MySQL versions
    (Closes: #425380).

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 19 Jun 2007 14:25:30 +0200

serendipity (1.1.2-1) unstable; urgency=low

  * New upstream release.
  * Improves SQL error handling to address non-issue CVE-2007-1326.
  * Add symlink to SQL schemata under /usr/share/doc/serendipity.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 10 Apr 2007 16:12:08 +0200

serendipity (1.0.4-1) unstable; urgency=medium

  * New upstream bugfix release.
    - Addresses security problem in unsupported configuration, however,
      uploading with medium priority to protect even those with unwise
      settings (CVE-2006-6242, closes: 401614).
  * In default apache.conf, DirectoryMatch should be Directory.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 28 Nov 2006 13:45:42 +0100

serendipity (1.0.3-4) unstable; urgency=low

  * Add note to README.Debian about register_globals and it needing
    to be off.
  * Enclose php_flag statements in apache.conf in <IfModule>s.
  * Correct serendipity_config_local.php for PostgreSQL when setting
    a port number. Document that Serendipity does not currently support
    running with a PostgreSQL on a non-default port number.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 22 Nov 2006 21:20:28 +0100

serendipity (1.0.3-3) unstable; urgency=medium

  * Properly support a remote database with dbconfig-common,
    thanks Ingo Jürgensmann (Closes: 397884).

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 10 Nov 2006 15:23:52 +0100

serendipity (1.0.3-2) unstable; urgency=low

  * Got permission from upstream to free the "36 days ago" and "Chumbly"
    fonts; reincluding them in the package.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue,  7 Nov 2006 17:17:12 +0100

serendipity (1.0.3-1) unstable; urgency=low

  * New upstream bugfix release.
  * Replace bundled CheckIP.php with link to Debian packaged one.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue,  7 Nov 2006 13:50:13 +0100

serendipity (1.0.2-1) unstable; urgency=medium

  * Medium urgency upload for low-risk security issue.
  * New upstream bugfix release.
    - Fix a security issue with XSS on the admin backend for registered
      authors.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 18 Oct 2006 15:59:29 +0200

serendipity (1.0.1-5) unstable; urgency=low

  * Change default SQL data to have the Serendipity location match the
    location as specified in apache.conf.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 27 Sep 2006 13:35:26 +0200

serendipity (1.0.1-4) unstable; urgency=high

  * Also fix config script to be able to run when dbconfig-common is not
    present anymore (Closes: #388234).

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 19 Sep 2006 12:42:48 +0200

serendipity (1.0.1-3) unstable; urgency=low

  * Support sqlite as database type; add dependency on dbconfig-common >=
    1.8.20 to that effect, include a schema and update the scripts.
  * Fix postrm script to be able to purge when dbconfig-common is not
    present anymore.

 -- Thijs Kinkhorst <thijs@debian.org>  Sat, 19 Aug 2006 19:05:47 +0200

serendipity (1.0.1-2) unstable; urgency=low

  * Add README.Debian with a 'getting started' section (Closes: #383538).
  * Change apache.conf default alias from /s9y to /serendipity as per Debian
    webapps policy.
  * Change php_value to php_flag in example apache.conf.

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 18 Aug 2006 17:51:05 +0200

serendipity (1.0.1-1) unstable; urgency=low

  * New upstream release.
  * Depends on pqsql-client should be postgresql-client.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 14 Aug 2006 20:31:23 +0200

serendipity (1.0-2) unstable; urgency=low

  * Fix templates to not include the comment count in the RSS, this causes
    duplicates on aggregators like Planet. Via John Goerzen's blog.
  * Add fix for RFC2616 compliance (from Serendipity 1.1), since Planet
    requires this. It will be configurable in the next upstream release.
  * Replace Net/Socket.php and Net/URL.php with their packaged variants.
  * Some minor packaging cleanups.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon,  7 Aug 2006 15:28:01 +0200

serendipity (1.0-1) unstable; urgency=low

  * Initial release (Closes: #312413).
  * Repackaged upstream tarball to remove two non-free fonts.

 -- Thijs Kinkhorst <thijs@debian.org>  Sun,  6 Aug 2006 22:05:54 +0200

