-userdir-ldap-cgi (0.3.39) UNRELEASED; urgency=medium
+userdir-ldap-cgi (0.3.39) unstable; urgency=medium
[ Peter Palfrader ]
* Fix changelog entries. The previos "UNRELEASED" version
was actually released.
* Use new CA root cert in Util.pm.
+ * Fix a XSS reported in
+ https://trac.torproject.org/projects/tor/ticket/14037
+ * Fix horrible use of crypto primitives.
+ * Add HMAC authentication to authtoken.
+ * Verify that the uid passed as a get parameters matches the
+ one stored in authtoken.
[ Hector Oron ]
* machines.cgi: add description field, more informative.
- -- Peter Palfrader <weasel@debian.org> Sun, 21 Dec 2014 10:13:44 +0100
+ -- Peter Palfrader <weasel@debian.org> Sat, 03 Jan 2015 13:30:18 +0100
userdir-ldap-cgi (0.3.38~20130906+1+nmu1) UNRELEASED; urgency=low