Version in base suite: 3.1.0-4lenny1 Version in overlay suite: (not present) Base version: backuppc_3.1.0-4lenny1 Target version: backuppc_3.1.0-4lenny2 Base file: /org/ftp.debian.org/ftp/pool/main/b/backuppc/backuppc_3.1.0-4lenny1.dsc Target file: /org/ftp.debian.org/queue/p-u-new/backuppc_3.1.0-4lenny2.dsc debian/changelog | 7 +++++++ lib/BackupPC/CGI/EditConfig.pm | 4 ++++ 2 files changed, 11 insertions(+)
diff -u backuppc-3.1.0/lib/BackupPC/CGI/EditConfig.pm backuppc-3.1.0/lib/BackupPC/CGI/EditConfig.pm
--- backuppc-3.1.0/lib/BackupPC/CGI/EditConfig.pm
+++ backuppc-3.1.0/lib/BackupPC/CGI/EditConfig.pm
@@ -429,6 +429,10 @@
 # based on what is enabled. Admin users can edit all the
 # available per-host settings.
 #
+
+ # Debian: ClientNameAlias is too dangerous, disable it
+ $bpc->{Conf}{CgiUserConfigEdit}{ClientNameAlias} = 0;
+
 foreach my $m ( keys(%ConfigMenu) ) {
 my $enabled = 0;
 my $text = -1;
diff -u backuppc-3.1.0/debian/changelog backuppc-3.1.0/debian/changelog
--- backuppc-3.1.0/debian/changelog
+++ backuppc-3.1.0/debian/changelog
@@ -1,3 +1,10 @@
+backuppc (3.1.0-4lenny2) stable-proposed-updates; urgency=high
+
+ * Disable the modification of the alias for normal users to close
+ a potential security hole. Closes: #542218
+
+ -- Ludovic Drolez Mon, 14 Sep 2009 16:47:20 +0200
+
 backuppc (3.1.0-4lenny1) stable-proposed-updates; urgency=high

 * Fix the permissions of the CGI script. Closes: #518518
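Review bot: The override `$bpc->{Conf}{CgiUserConfigEdit}{ClientNameAlias} = 0;` sits directly above the `foreach my $m ( keys(%ConfigMenu) )` menu loop, so from this hunk it is only certain to affect which fields are offered. The enclosing function starts and ends outside the hunk, and if the code that parses and saves submitted values consults `CgiUserConfigEdit` before line 429, a submission from a non-admin user that includes the field anyway might still be accepted. Placing the assignment at the top of the handler, before any request input is processed (or shipping the packaged default as 0), would make it an enforcement point rather than a display rule. It also silently overrides an administrator who set the option in config.pl, which deserves a line in the package documentation. The comment should say why, e.g. `# Debian (#542218): ClientNameAlias selects the machine this host entry backs up and restores; never let non-admin users change it`.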