Control: tags 682808 + squeeze confirmed On Wed, 2012-07-25 at 16:16 -0400, David Prévot wrote: > The spip package currently in stable is vulnerable to some security > issues (#677290, #672961, #680118), the last one being pretty nasty… > > Having no answer from the security team, I hereby propose this update > via the upcoming point release. As in #680381, the attached debdiff is > pretty thin: most of the changes, in the security screen file, are due > to rewritten comments.
+spip (2.1.1-3squeeze4) stable-security; urgency=low + + * Non-maintainer upload by the Security Team. Please s/-security// and drop the NMU comment. + * Updated security screen to 1.1.3. Prevent cross site scripting on referer + (addresses missing bits of [CVE-2012-2151]), cross site scripting and PHP + injections in internal functions. + Closes: #680118 The alignment of the Closes: item here looks slightly odd, imho (as do the others). Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
