cakephp (1.3.15-1+deb7u2build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

 -- Tyler Hicks <tyhicks@canonical.com>  Wed, 15 Mar 2017 20:37:24 +0000

cakephp (1.3.15-1+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2016-4793:
    The getClientIP function allowed remote attackers to spoof their IP
    address. This vulnerability could be used to bypass access control lists
    to get access to sensitive data, or lead to higher severity vulnerabilities
    if untrusted data returned by getClientIP() is treated as safe and used
    without appropriate sanitization within SQL queries, system command calls
    etc.

 -- Markus Koschany <apo@debian.org>  Fri, 24 Feb 2017 07:23:33 +0100

cakephp (1.3.15-1+deb7u1) wheezy-security; urgency=medium

  * Address SSRF (Server Side Request Forgery) attack by
    ensuring included files are "regular" (eg. `./foo.xml`) rather than merely
    existing (eg. `/dev/urandom`, etc.). (Closes: #832283)

 -- Balint Reczey <balint@balintreczey.hu>  Sat, 23 Jul 2016 10:30:59 +0200

cakephp (1.3.15-1) unstable; urgency=low

  * New upstream release (Closes: #665218)
  * Bump Standards-Version to 3.9.2.
  * Update 02-cake-binary-libs.diff.

 -- Chris Lamb <lamby@debian.org>  Tue, 26 Jun 2012 17:20:45 +0100

cakephp (1.3.7-1) unstable; urgency=low

  * New upstream release.
  * Update Vcs-{Git,Browser}.
  * Bump Standards-Version to 3.9.1.
  * Update debian/watch location. Thanks to Martin Atukunda <matlads@gmail.com>
    (Closes: #603476)

 -- Chris Lamb <lamby@debian.org>  Sun, 27 Feb 2011 21:15:13 +0000

cakephp (1.3.2-1) unstable; urgency=low

  * New upstream release (Closes: #585684)

 -- Chris Lamb <lamby@debian.org>  Tue, 15 Jun 2010 10:05:07 +0100

cakephp (1.3.0-1) unstable; urgency=low

  * New upstream release (Closes: #581400)
  * Update debian/watch.
  * Bump Standards-Version to 3.8.4.
  * Refresh 01-remove-shebang.diff.
  * Refresh 02-cake-binary-libs.diff.
  * Also delete 'empty' files in cakephp-scripts.
  * Remove unnecessary executable bits.

 -- Chris Lamb <lamby@debian.org>  Thu, 20 May 2010 00:12:41 +0100

cakephp (1.2.5-1) unstable; urgency=low

  * New upstream stable release.
  * Allow empty directories in "cakephp" package too; it includes a test
    project which has these directories by default.

 -- Chris Lamb <lamby@debian.org>  Wed, 13 Jan 2010 23:24:24 +0000

cakephp (1.2.4.8284-1) unstable; urgency=low

  * New upstream bugfix release.
  * Bump Standards-Version to 3.8.3
  * Bump Build-Depends on debhelper as we use override_* rules.
  * Use "dh --with quilt" instead of overriding targets to add the quilt stamp
    file to their dependencies.

 -- Chris Lamb <lamby@debian.org>  Mon, 24 Aug 2009 23:37:41 +0100

cakephp (1.2.3.8166-1) unstable; urgency=low

  * New upstream release.
  * Move to Debhelper 7 and override_*-based customisations.
  * Bump Standards-Version to 3.8.1.
  * Using "find ... -print0 | xargs -0" over "find ... | xargs".
  * Add ${misc:Depends} to all binary package Depends.

 -- Chris Lamb <lamby@debian.org>  Sat, 09 May 2009 13:16:16 +0100

cakephp (1.2.1.8004-2) unstable; urgency=low

  * Correct reference to `bake.php` in README.Debian. (Closes: #517031)
  * Update Git repository locations.
  * Correct watch file.

 -- Chris Lamb <lamby@debian.org>  Fri, 06 Mar 2009 11:32:39 +0000

cakephp (1.2.1.8004-1) unstable; urgency=low

  * New upstream release.
  * Add patch description for 02-cake-binary-libs.diff.
  * Use © symbol in debian/copyright to appease lintian.
  * Update years in debian/copyright.

 -- Chris Lamb <lamby@debian.org>  Sun, 15 Feb 2009 22:52:53 +0000

cakephp (1.2.0.7962.final-1) unstable; urgency=low

  * New stable upstream release, released Christmas Day.
  * Update debian/cakephp.docs.
  * Remove unused "package-contains-empty-directory" Lintian overrides for
    cakephp binary package.
  * Remove code to reset pointless executable bits on files (merged upstream 
    via https://trac.cakephp.org/ticket/3817).

 -- Chris Lamb <lamby@debian.org>  Tue, 30 Dec 2008 00:42:46 +0000

cakephp (1.2.0.7692-rc3-1) unstable; urgency=low

  * New upstream release.
  * New maintainer email address.

 -- Chris Lamb <lamby@debian.org>  Sat, 04 Oct 2008 15:49:12 +0100

cakephp (1.2.0.7296-rc2-1) unstable; urgency=low

  * New upstream release.

 -- Chris Lamb <chris@chris-lamb.co.uk>  Wed, 02 Jul 2008 13:03:41 +0100

cakephp (1.2.0.7125-rc1-1) unstable; urgency=low

  * New upstream release.
  * Replace now cakephp1.2 package
    - Conflict with and replace cakephp1.2
  * Migrate away from CDBS and dpatch to debhelper and quilt
  * Rename XS-Vcs-* to Vcs-*.
  * Move to machine-readable debian/copyright
  * Bump Standards-Version to 3.8.0

 -- Chris Lamb <chris@chris-lamb.co.uk>  Thu, 03 Apr 2008 13:03:11 +0100

cakephp (1.1.19.6305-1) unstable; urgency=low

  * New upstream release.
  * Remove php4 and php4-cli from Depends: and associated
    Lintian override.
  * Bump Standards-Version to 3.7.3.
  * Rework debian/rules, debian/cakephp.install,
    debian/cakephp-scripts.install, etc.
  * Add Lintian overrides for empty-dir warnings.

 -- Chris Lamb <chris@chris-lamb.co.uk>  Thu, 03 Jan 2008 15:47:47 +0000

cakephp (1.1.18.5850-2) unstable; urgency=low

  * Add Homepage: field
  * Expand acl.php manpage (Closes: #453700)

 -- Chris Lamb <chris@chris-lamb.co.uk>  Mon, 03 Dec 2007 02:58:26 +0000

cakephp (1.1.18.5850-1) unstable; urgency=low

  * New upstream release.
  * Add php5-mysql to Suggests:.

 -- Chris Lamb <chris@chris-lamb.co.uk>  Fri, 02 Nov 2007 13:10:17 +0000

cakephp (1.1.17.5612-2) unstable; urgency=low

  * Add cakephp-instaweb to Suggests:.

 -- Chris Lamb <chris@chris-lamb.co.uk>  Mon, 24 Sep 2007 17:53:34 +0100

cakephp (1.1.17.5612-1) unstable; urgency=low

  * New upstream release.
  * Alters default app location for bake.php-generated apps. Thanks
    to Edwin Taylor <hagfish@ntlworld.com>. (Closes: #441263)
  * Add XS-Vcs-Git and XS-Vcs-Browse lines to debian/control.

 -- Chris Lamb <chris@chris-lamb.co.uk>  Fri, 14 Sep 2007 19:16:55 +0100

cakephp (1.1.16.5421-1) unstable; urgency=low

  * New upstream release.

 -- Chris Lamb <chris@chris-lamb.co.uk>  Fri, 13 Jul 2007 01:18:30 +0100

cakephp (1.1.15.5144-1) unstable; urgency=low

  * New upstream release.
  * Ensure global cake/vendors directory is in /usr/share/php/cake.

 -- Chris Lamb <chris@chris-lamb.co.uk>  Tue, 22 May 2007 01:23:16 +0100

cakephp (1.1.14.4797-1) unstable; urgency=low

  * New upstream release.
  * Fixed package description. (Closes: #420580)
  * Updated debian/watch to not match development branch.

 -- Chris Lamb <chris@chris-lamb.co.uk>  Wed, 25 Apr 2007 23:23:46 +0100

cakephp (1.1.13.4450-1) unstable; urgency=low

  * Initial release.
  * The bake.php and acl.php scripts have been moved to /usr/bin and set
    executable. Their on-line help has been adjusted to match.

 -- Chris Lamb <chris@chris-lamb.co.uk>  Mon, 19 Mar 2007 19:55:39 +0000
